What can an engine do when it sees eval?
Not much. It can’t even prove that it is actually eval unless eval is not bound lexically, there is no with, there is no intervening non-strict call to any identifier eval (regardless of whether it is eval or not), and the global object’s eval property is bound to the blessed eval function, and is configured as DontDelete and ReadOnly (not the default in web browsers).
But the very fact that an engine sees a call to an identifier eval poisons optimization: because eval can introduce variables, the scope of free variables is no longer lexically apparent, in many cases.
I’ll say it again: crazy!!!
via wingolog – Javascript eval Considered Crazy. No matter how crazy and unsafe you consider eval this is just going to scare you a little more.