surely concats of user input, stdout of external dependencies, and non-deterministic output feeding back directly to an eval is safe. it's never been a problem before. not even trying to check the boxes when it comes to security anymore.

Can I do

  echo blah blah >> ~/.ssh/authorized_keys

still, far more effective than "NEVER FUCKING GUESS"