I'm embracing the HMAC-tagged encoded closures. It is too useful not to use. Thinking about it, it seems safe. However it feels somehow wrong, because if that HMAC protection fails, then the security breach is total. How much do you trust cryptography? It is important to realize that security is relative. Weigh this against other means to perform code injection in the same system.