Execution is currently very insecure. It should run in a different process (or even machine)
and the list of allowed APIs have to be reduced.