Not to be mean or anything, but net.WriteEntity(LocalPlayer()) is the absolute worst thing ever in network security.
If you use the ply argument serverside, the server knows who sent that message, therefore, no one can do harm to any other user.
There’s no way to completely stop the client from being bad, it’s bound to happen. You’re going to have to make sure that everything is in check yourself. Hey, besides, it makes you practice good security habits.
Remember the huge bug heartbleed? It was caused by trusting values sent from the client too much. Not unlike what you’re doing.
local str = net.ReadString()
MsgN("The player who sent the message was “…ply:SteamID()…” with message "…str)
Again, never trust the client, never trust the client, and always make sure to never trust the client.
[editline]31st August 2015[/editline]
If you don’t want them to send the message a billion times a second, check that on the server. If they are, ban them.
Maybe what you’re doing shouldn’t be done on the client at all and instead be handled by the server. This is something you should really consider.