The mathwiki code I mentioned does not take ane precautions when evaluation TeX code, and that is indeed a security hole.

I asked around on usenet (http://groups.google.com/groups?threadm=d55ab765.0111091929.1e4b9af4%40posti...) and found out that TeX can write to arbitrary files and can also execute shell scripts, but fortunately, both of those features can be switched off, at least in the tetex distribution which is the standard on Linux/Unix.

Axel