Florian Gross wrote:

> Hm, which means that I have to call secure_object recursively on all 
> objects which the object itself references. (instance_variables, 
> contents of Arrays)

And secure_object needs to raise an Exception when
secure_tainted.bind(secure_class.bind(obj).call).call (Object is an 
instance of an insecure class).

Currently this also works:

safe "Class.new { def inspect; puts 'foo'; end }.new"

Regards,
Florian Gross