Paul Ling discovered that Emacs insufficiently restricted the evaluation of Lisp code if enable-local-variables is set to "safe".