Hello all,

Basically, I just want to know if the code below is safe.
Assume 'dangerous.rb' is provided by someone you don't know
and is located in a world-writable directory.

The filename is as unsafe as the file itself.
------------------------------------------------------------------------
$SAFE = 1
filename = 'dangerous.rb'.taint # just uploaded from untrusted user

fname = String.new(filename.to_s)
classname = File.basename(fname, '.rb').capitalize
fname.untaint if File.expand_path(fname) =~ %r{^d:/simon/}i
code = IO.read(fname) # reading is safe hopefully

#create a new object from a class definition in dangerous.rb
unsafe_obj = Thread.new do
  $SAFE = 4
  begin
    mod = Module.new
    mod.module_eval(code)
    mod.const_get(classname).new
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise unsafe_obj if Exception === unsafe_obj

# as long as we do not call methods on unsafe_obj we should be safe, right?

# call a method on the new object
value = Thread.new do
  $SAFE = 4
  begin
    String.new(unsafe_obj.meth.to_s)
  rescue Exception => e
    Exception.new(e.to_s)
  end
end.value
raise value if Exception === value

value.untaint # this should be safe now! (?)
p value
------------------------------------------------------------------------

cheers

Simon
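
Added example, not part of Simon's post: the directory check on the untaint line anchors its pattern with ^, which in Ruby matches at the start of any line rather than the start of the string. The sketch below compares that pattern with a \A-anchored one on POSIX-style paths; BASE, the function names and the sample names are constructed for illustration, and taint/$SAFE are left out so it runs on current Ruby.

```ruby
BASE = '/srv/uploads' # hypothetical stand-in for the post's d:/simon/

# Same shape as the check in the post: expand the name, then match with ^.
# In Ruby, ^ matches after every newline, not only at the string start.
def weak_allowed?(name, cwd)
  full = File.expand_path(name, cwd)
  full.match?(%r{^#{Regexp.escape(BASE)}/}i)
end

# Stricter check: refuse control characters, then anchor with \A so the
# allowed directory must be the real beginning of the expanded path.
# Note: File.expand_path does not resolve symlinks.
def strict_allowed?(name, cwd)
  return false if name.match?(/[\x00\r\n]/)
  full = File.expand_path(name, cwd)
  full.match?(%r{\A#{Regexp.escape(BASE)}/}i)
end

# Constructed sample names, as an upload handler might receive them.
SAMPLES = [
  '/srv/uploads/dangerous.rb',
  "evil\n/srv/uploads/dangerous.rb",
  '/srv/uploads/../etc/dangerous.rb',
  '/srv/uploads_old/dangerous.rb'
].freeze

# Returns [name, weak result, strict result] for every sample.
def compare(cwd = '/tmp')
  SAMPLES.map { |n| [n, weak_allowed?(n, cwd), strict_allowed?(n, cwd)] }
end

compare.each do |name, weak, strict|
  puts format('%-40s weak=%-5s strict=%s', name.inspect, weak, strict)
end
```

Only the second sample is judged differently: its expanded path lies under the working directory, yet the ^ pattern accepts it because the allowed prefix begins a new line.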