SQL injections in query() and search()
ID: 2056
Owner: Samantha
Date: 2012-12-13 14:06:17
Priority: Critical
Product/Component: Cadre Bugs
Essentially, these occur because ` isn't controlled, so a script/template author can do arbitrarily bad things to the database (and an end user might be able to exploit sloppily written code). It was never the intention that admin-grade responsibility should be required for writing code, so this needs to be mitigated.
This will probably remain unfixed until there's an initial release.
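The pattern behind this bug, as an added illustration that is not Cadre's code: a search built by splicing the caller's term into the SQL text lets the term change the query's structure, while binding it as a parameter cannot. Column names cannot be bound, so where a template author chooses the column, an allowlist is the check. The `docs` table, its rows, the Python/sqlite3 setting and the function names are all assumptions made for this example.

```python
import sqlite3

# Constructed sample data; the table and rows are assumptions, not Cadre's schema.
SAMPLE_ROWS = [
    ("alice", "Intro to Cadre"),
    ("bob", "Template authoring"),
    ("carol", "Admin handbook"),
]

# Identifiers a caller may select on; anything else is rejected before reaching SQL.
ALLOWED_COLUMNS = {"author", "title"}


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (author TEXT, title TEXT)")
    conn.executemany("INSERT INTO docs VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_unchecked(conn, term):
    """Vulnerable form: the term is concatenated into the SQL text, so a quote
    in it ends the string literal and the remainder is parsed as SQL."""
    sql = "SELECT author, title FROM docs WHERE title LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """Hardened form: the term is bound as a value by the driver; whatever it
    contains, it can only ever be compared against the column."""
    sql = "SELECT author, title FROM docs WHERE title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def search_column(conn, column, term):
    """Column selection cannot use a bound parameter, so the identifier is
    checked against a fixed allowlist and only then interpolated."""
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not permitted: %r" % (column,))
    sql = "SELECT author, title FROM docs WHERE %s LIKE ?" % column
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def demo(term):
    """Run the same term through both forms so the difference is visible."""
    conn = make_db()
    return {
        "unchecked": search_unchecked(conn, term),
        "parameterized": search_parameterized(conn, term),
    }


if __name__ == "__main__":
    # A benign term behaves the same in both forms.
    print(demo("Cadre"))
    # A term that closes the quote and appends a clause that is always true:
    # the unchecked form returns every row, the parameterized form returns none.
    print(demo("zzz%' OR '%'='"))
```

Note that binding stops SQL injection but not `LIKE` wildcard abuse: a bound term of `%` still matches every row, so if that matters the `%` and `_` characters in the term need escaping with an `ESCAPE` clause.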