The Python plugin and any other plugin implimented in
the future that allows similar flexibility, should
restrict i/o to only what it may need to access.
Currently the scripts can access whatever the server
can access. This becomes a problem when non-standard
map distributions are installed, which contain a
malicious scripts. If more flexibility is needed by a
particular script, a whitelist could be used.
Running scripts in a sandbox or another form of restricted context seems useful. Right now a badly-written script can change the global state and cause the server to freeze or shut down.