2. What prevents a user from saving and serializing a dangerous thunk for later use? How do you expire?
3. How do you keep track of which functions are dangerous? What prevents unnecessary security breaches due to lack of foresight?
4. What stops others from getting around these by dipping under Arc and these primitives?
These are hard questions, and unless they are answered, the security the system provides is merely a ruse.