Some major modes, such as SES, call functions that are stored in user files. (see Top, for more information on SES.) User files sometimes have poor pedigrees—you can get a spreadsheet from someone you've just met, or you can get one through email from someone you've never met. So it is risky to call a function whose source code is stored in a user file until you have determined that it is safe.
nilif form is a safe Lisp expression, or returns a list that describes why it might be unsafe. The argument unsafep-vars is a list of symbols known to have temporary bindings at this point; it is mainly used for internal recursive calls. The current buffer is an implicit argument, which provides a list of buffer-local bindings.
Being quick and simple,
unsafep does a very light analysis and
rejects many Lisp expressions that are actually safe. There are no
known cases where
nil for an unsafe
expression. However, a “safe” Lisp expression can return a string
display property, containing an associated Lisp
expression to be executed after the string is inserted into a buffer.
This associated expression can be a virus. In order to be safe, you
must delete properties from all strings calculated by user code before
inserting them into buffers.