You keep giving the same argument that they'll just replace an implemented UI mod with their modified mod, and then change over the UUID. My suggestion is that the client detects when a game is loaded and calls for a access token that is then generated by the integrated mods. When a game is issued as ranked, UI mods themselves are locked out from loading or being selected.
You can do exactly the same thing for the client, when they first log into the server to avoided non-authorised clients. Sure they can still go and hack the client, but at this point cheating is very difficult, and the community is to small for any sort of wide spread support the production of cheating mods that take that sort of effort.
As it stands anyone with basic knowledge of LUA can right now make a cheated UI mod and implement it with 0 restrictions. What I'm suggesting is not a "full proof" way. Its an "idiot proof" way. Basically it locks out idiots from being able to cheat the game.
You wouldn't even need an overly complex encryption key and you can base it fully on in game values, such as user ID. Parse the user name of the individual and then push it through an encryption module to generate a key that is then collected or sent to the server. As the server also has the user ID available it can do the same and match the code.
The qualm about work required is irrelevant. I'd be happy to contribute so long as I know it'd get implemented into the client.