> The server, however, only receives the player's location coordinates.

No. 

The server receives the key presses from from the client, makes sure they're valid, _then_ authorizes the client to move. 

The client has no say in where it can go. It should act as a dumb terminal. 

Then you can add client side prediction and make your game look smooth.

> Without some sort of data encoding in the client, [...]

This is still a nice to have, though. Preventing players from sniffing the traffic would help avoid most hackers and trivial cheaters to create bots and the like.

> is there a way to encode this location message to the server before it exits the client binary 

You also have to obfuscate the client per se. Programs such as _Cheat Engine_ can sniff the information directly in the client's memory, the data does not have to "exit the client" before it can be read. 

> it would be extremely difficult

That's unfortunately as far as you can get, you can't make it _impossible_. If there is enough money to be made by cheating in your game, some entities will try hard to reverse engineer everything and allow some players to take an unfair advantage.