Hi, Rivera.
Do you mean these features can be used without getting authenticated first at web UI? Otherwise it's not clear how this can be utilized by somebody except the servcies's administrators.
That said, it still doesn't feel right that text in a file's name can be treated as line of code (still seems as a minor web UI bug to me, not a security threat).
@Thomas Gasmyr.Mougang could you fix it?