Be able to inject a variable into an HTTP request + control a device

In fact their explanation is rather reassuring; they clearly state that they did not use eval to evaluate operations, and that they implemented their own evaluator. They warn about the risks!

Their example is actually very good — it is possible to disable functions:

In our case, in my opinion we should make a list of the functions we want to support, and then harden the unit tests to verify that it is indeed only those functions that are supported.

We could ask the community what is useful here, for example:
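As an added example of the allowlist approach argued for in the comment above (example code, not from the post or from the project under discussion; the names in ALLOWED_FUNCTIONS and the variable names are assumed for illustration), a small evaluator that walks the expression's AST instead of calling eval and rejects anything outside the allowlist, so a unit test can assert that only the listed functions are callable:

```python
import ast
import math
import operator

# Allowlist of callables the evaluator exposes (names chosen for this example).
ALLOWED_FUNCTIONS = {"abs": abs, "round": round, "min": min, "max": max, "sqrt": math.sqrt}

# Allowlist of operators; Pow is deliberately absent so "2 ** 10 ** 9" cannot burn CPU.
BINARY_OPERATORS = {ast.Add: operator.add, ast.Sub: operator.sub,
                    ast.Mult: operator.mul, ast.Div: operator.truediv}
UNARY_OPERATORS = {ast.USub: operator.neg}


class UnsupportedExpression(ValueError):
    """Raised for any syntax, name or call that is not on the allowlist."""


def safe_eval(expression: str, variables: dict) -> float:
    """Evaluate an arithmetic expression by walking its AST, never via eval().

    Accepted: numeric literals, names from `variables`, the operators above and
    calls to ALLOWED_FUNCTIONS by bare name. Everything else raises before any
    evaluation happens, so attribute access, subscripts, lambdas and unknown
    names never reach a Python builtin.
    """
    tree = ast.parse(expression, mode="eval")

    def visit(node):
        if isinstance(node, ast.Expression):
            return visit(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.Name):
            if node.id in variables:
                return variables[node.id]
            raise UnsupportedExpression(f"unknown variable {node.id!r}")
        if isinstance(node, ast.BinOp) and type(node.op) in BINARY_OPERATORS:
            return BINARY_OPERATORS[type(node.op)](visit(node.left), visit(node.right))
        if isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPERATORS:
            return UNARY_OPERATORS[type(node.op)](visit(node.operand))
        if isinstance(node, ast.Call):
            # Only a bare allowlisted name may be called: no attribute access such
            # as os.system, no keyword arguments (they would be silently dropped).
            if not (isinstance(node.func, ast.Name) and node.func.id in ALLOWED_FUNCTIONS):
                raise UnsupportedExpression("call to a function outside the allowlist")
            if node.keywords:
                raise UnsupportedExpression("keyword arguments are not supported")
            return ALLOWED_FUNCTIONS[node.func.id](*[visit(arg) for arg in node.args])
        raise UnsupportedExpression(f"unsupported syntax: {type(node).__name__}")

    return visit(tree)
```

The test suite then has two halves: every allowlisted function must work, and a fixed set of out-of-list constructs must raise UnsupportedExpression rather than evaluate.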