Thank you for your prompt response. You wrote
> Once one allows unrestricted shell escape, all bets are off in terms of what
> an arbitrary package can do.
- reduces what an arbitrary package can do
- improves security
Please provide some evidence for (1), by for example providing references to the source code and tests.
For (2), this also needs to be argued. Suppose software item AAA-SECURE is not, in fact, secure. Then AAA-SECURE is already a security risk, because its name allows a social engineering exploit, which perhaps can then be leveraged.
The TeX/LaTeX community has a different meaning for "restricted shell escape". As you are using the term in this new way, please would you provide a definition.