I think security won't be a big concern in LiteXL since it only call some pre-exported C functions via Lua C API for rendering, directory monitoring, etc -- It doesn't let anyone call arbitrary C stuff from plugins, but it can be indeed considered as "hackable" since anyone can edit the code editor source dynamically.

Thanks so much for reading this article and posting your interesting experience, ideas :)