If you discover a security vulnerability, please report it via GitHub or email d@djm.me.

Since the main purpose of Bin is to run arbitrary code, the ability to run arbitrary code is not a vulnerability - unless it is in a context where users wouldn't normally expect code to be executed, such as the command list or during tab completion.