Hacker News
by threatofrain 2377 days ago
I would also argue that security should not depend on your ability to introspect into code, because whether code is treating data according to the user's expectations isn't something that's going to be statically analyzable.

The interface which consumes the code should be safe.

1 comments

Furthermore, almost any programming language is going to be pretty much impossible to analyse the behaviour of. There are some pretty fancy theorems about incomputability, but really it's just because you can build a compiler that reads obfuscated byte code.

Forget not being able to use string matching, there are no programs capable of predicting the behaviour of programs without effectively running them in a sandbox.