To me, the most important thing when selecting whether to use autocomplete, and which one to use, is knowing what if anything is evaluated and what is done statically.
If possible, it would be extremely helpful to have specific documentation on what execution of code is being done when autocompleting. I haven't had a chance to dig through the source yet, but from just a quick peek it does seem like at least some is being done, so having clear lines for how far that goes would be lovely.
Thanks for your work!
As long as you write pure python, everything is done statically. But: If you use builtin modules (c_builtin) there is no other option than to execute those modules. However: Execute isn't that critical (as e.g. in pythoncomplete), because it means one import and no more. After this import a Python file will be generated that contains all the definitions of a builtin module.
So basically the only dangerous thing is using the import itself. If your c_builtin uses some strange initializations, it might be dangerous. But if it does you're screwed anyways, because at one moment you're going to execute your code, which executes the import.
Is this enough? I would add it to the documentation, later on.
note about security, fixes #38