Hi, This is a bugus bug report, I've tested this on both v0.8 and v0.9 and no problems. Please remove this bug as it gives a bad name to the project. It is possible to pass fake variables (as with most systems), but not executable code!! which is not a security issue. If I'm missing something, please email me with details info. But as far as I can see this is a bugus report. Stuart
