I've recently added md5() to my game and as I see, it works great and prevents the users from editing savefile. But however, I think they can bypass this.
since you have to have a default game hash variable in the game, I think you there is a way. I don't know if this is correct though since I don't know if I am actually using the proc right.
Whenever someone creates a new character, they are loaded with the default hash variable or a null hash variable right? So that there is not considered cheating. Let's say you save your character, and edit your character in a savefile editor. You see the hash variable and knows that either the hash has to be null or the default value so the system don't know and will set a hash for you when you login/save/write proc. If you login with a null hash or the default hash (it'll let you login cause it will think that you have a new character).