Comment 1 for bug 700333

This isn't only a security problem. Tools that don't use libgeda still need to be able to read the configuration. Such tools may not be written in Scheme, and in any case won't contain the definitions from libgeda.

Another issue is that local configuration files need to override system and user configuration settings. Therefore, for clarity and discipline, the system and user configurations should also be parsed but not evaluated. And, of course, the tools mentioned above need to read these too.