[mhh__]

Integrating TeX into a program inside exactly impossible now though. Pandoc gets along fine.

Also the way to trust code is isolation rather than verification, even rust has unsafe.

[weinzierl]

Isolation is a good second line of defense. It's not going to prevent malicious input to produce malicious output. At least not until you go as far as Qubes OS and you squeeze everything through a rasterized bitmap.