Can localStorage be modified by a client?

There are addons like e.g. Foundstone HTML5 Local Storage Explorer for Firefox, which permit users not only to browse localStorage globally, but also to modify its content:

So I wouldn't trust on nobody having access to it or nobody can alter it. At least from the client, it is possible with ease. From another website, it might be more tricky, and certainly would involve a "security hole" as it's not the intended usage.

Update: Meanwhile, at least in Firefox, you don't even need any addon for that. Simply press Ctrl+Shift+I, select the Storage tab, and in the left-most column select Local Storage – where you can view and even edit the local storage for the site you've got in the foreground tab:

^{Local Storage browser built-in to Firefox (click image for larger variant)}

Local storage is bound to the domain, so in regular case the user cannot change it on any other domain or on localhost.

It is also bound per user/browser, i.e. no third party has access to ones local storage.

Nevertheless local storage is in the end a file on the user's file system and may be hacked.