eval'ing a response from a third party essentially runs their code in your context. JSON.parse does not.