This guide covers security considerations from the system administrator's perspective: how to avoid being affected by a "bad" function that an end user provides.