[adrusi]

The clojure reader supports the #= prefix before a form, which will cause the reader to read the following form, pass it to eval, and use the result as if it were part of the passed in data.

    (def #=(symbol "foo") :bar)

Gets read as

    (def foo :bar)

[wtetzner]

Yeah, so someone could provide a malicious input like:

    (read-string "#=(launch-the-missiles)")