[tex-k] secure mode of dvips should be default

[Tomas G. Rokicki]

Thanks for the email on dvips security!

Can you explain why secure mode should be on by default?
In other words, how might I run TeX and/or dvips over
untrusted code?  Provide me with a convincing attack
scenario.  A time bomb in some macro source somewhere that
gets included into a distribution?

Certainly if someone embeds dvips into some sort of automatic,
MIME-driven viewer, yes, secure mode should be set on, but
for command-line use?

Thanks!

-tom