Saving state into a resource file creates a security risk

Resource files can execute arbitrary scripts.

The baddies could trick players into using save files with malicious scripts. This should be avoided.

Saving the state into JSON is probably the move.