> This works because the "null" token does not *start* with any letter
> in "true" or "false".  "fnull" would be happily converted to "fnil",
> but eval catches that luckily.

I'm not sure I understand your argument. f will always be considered
illegal. It will never reach the eval(). Only text matching a clause not
defined as illegal in the rx gets fed to eval(). You could also wrap the
atoms between \b (e.g. \bnull\b) but it seemed unnecessary. Show me an
example of malicious code that passes through.