sneak 10 days ago

Halfway through he gives up and uses remote models. The basic premise here is false.

Also, the term “remote code execution” in the beginning is misused. Ironically, remote code execution refers to execution of code locally - by a remote attacker. Claude Code does in fact have that, but I’m not sure if that’s what they’re referring to.

thepoet 10 days ago | parent [-]

The blog says more about keeping the user data private. The remote models in the context are operating blind. I am not sure why you are nitpicking, almost nobody reading the blog would take remote code execution in that context.

vunderba 10 days ago | parent [-]

The MCP aspect (for code/tool execution) is completely orthogonal to the issue of data privacy.

If you put a remote LLM in the chain then it is 100% going to inadvertently send user data up to them at some point.

E.g. if I attach a PDF to my context that contains private data, it WILL be sent to the LLM. I have no idea what "operating blind" means in this context. Connecting to a remote LLM means your outgoing requests are tied to a specific authenticated API key.