If you discover a security vulnerability, please email d@djm.me or report it via GitHub.
Since the main purpose of Bin CLI is to run arbitrary code, the ability to run arbitrary code is not a vulnerability - unless it is in a context where users wouldn't normally expect code to be executed, such as the command list or during tab completion.