How did that work? You need to load your custom scripts somehow in the first place, I'm guessing in the form of a game mod. So you are already running custom code at this point.
Whenever you connect to a server, the client autodownloads any game mods used by the server. Random servers and their game mods aren't supposed to have arbitrary unsandboxed code execution on your system, but they could if they exploited a vulnerability in the code vm. The code vm is supposed to be safe for running arbitrary code in a sandbox.
It is forked from the well-maintained ioquake3 project. But do you have further information? I'd love to fix stuff if possible (and maybe backport that to ioquake3).