Generally the opinion round here is that you have two options:
- Store the save file on a server you control and make the game online only
- Don't bother (or at least, don't bother with anything more complex than a binary file format and a checksum)
Anything stored locally is subject to reverse engineering by a skilled cracker. If a binary file format or a really simple encryption puts it into the "not worth the effort" basket for 95% of your users, then that's good enough. 4.9% will then download an editor written by the 0.1% who saw your encryption as a challenge.
But honestly, I doubt I'd even worry about that. If a user wants to cheat and change their save somehow (adding items, health, etc) as long as it's a single player game, they're not really harming anyone.
If it's a multiplayer online game... then the save should be on the server.