SP missions are not sandboxed currently. This means, that mission script can get same rights as an user you use to run a game. So, watch what you download.
MP mission scripts are executed on server, so you should not be exposed to malicious code just by connecting to server. However, there are classes, whose are responsible for briefing and UI elements scripted on server, but displayed on client. Those could be used for malicious stuff, but so far it seems they aren't accessible from scripts (or I simply don't know the way).
|