Hacker News
by cogman10 1862 days ago
There aren't a bunch of languages with proc-macros and IDEs. That'd be where you'll see a major intersection. (Maybe C++ has this problem with some IDEs?)

Languages with similar risks are ones where a REPL is the key form of development. In those scenarios you are also one bad dependency from stolen info.

1 comments

That's not really relevant though. Anything that runs code on my computer without my awareness of it should be considered a security bug.
Alas, the nature of computation makes this only ever a matter of squinting hard enough at the problem.

Just as it turns out that matter and energy are almost the same thing seen from a different point of view, it's the same with code and data. Running code and processing data are no different to a computer.

You think a picture of a dog and a Windows program are plainly different kinds of things; the computer does not agree.

Something like Wuffs † aims to at least control the blast radius. If (in some alternate or far future world) you were only ever looking at pictures of a dog via Wuffs, you could at least feel confident that doing so did not have some entirely unforeseen consequences, like exfiltrating your SSH private keys. Today you certainly can't be sure of that; none of the tools you use have such a cautious approach.

† https://github.com/google/wuffs