Oh, my ... it's worse than I thought. Not only does it run things so you have to wait forever - it actually installs packages behind your back! ?Wow, now there is the nightmare abuse of \Sexpr - the malicious package retrieves private data from your machine and deletes your files... and I was worrying about leaving a tiny crack open for Rhttpd injection attacks - yet there is a big gaping door open to all packages ... Does it mean we need more stringent checks on Rd files now as well since they contain code?