What prevents a malicious client from simply editing the source and sending back "false" calculations?

In my time as a web developer, probably the most important lesson I've learned is Never Trust the Client.