It's always difficult to secure the execution of user-supplied scripts. We may overlook this for the alpha release, but afterwards we need to audit this, and consider things like:
How are we handling data touched by or returned from a script? Are we trusting it without verification?
It's always difficult to secure the execution of user-supplied scripts. We may overlook this for the alpha release, but afterwards we need to audit this, and consider things like: