I was under the impression that (part of) the purpose of the sandbox was 
to run untrusted Ruby code within the context of a larger Ruby 
application. I'd imagine that a large portion of the time, this code 
enters the application as a string - for example, Try Ruby presumably 
accepts strings from the web interface and passes them through this 
method to get the result.

I think you're right that if you know what code you're going to be 
evaluating when you write the call to eval, passing it as a block would 
be preferable. I think the best way to balance this would be to allow 
both, like instance_eval.

I imagine if eval only took a block, we'd see a lot of code like

box.eval { eval(str) }

Tadashi Saito wrote:
> Hi,
>
> On Fri, 25 Apr 2008 07:12:39 +0900
> _why <why / ruby-lang.org> wrote:
>
>   
>>   * eval(str, opts = {}) => obj
>>     
>
> I think eval(string) is <del>evil or</del> too ugly and takes more time
> especially in 1.9.  It should take block instead of it.
>
>   * eval(opt = {}, &block) => obj
>
> like:
>
>    box.eval {start}
>
>