Well, technically it is possible to implement this feature securely. It's the Java Platform Security, using Protection Domains and security policies. By enabling the Java security, and then defining the appropriate security policies, you could control what permissions a given mod has. The most obvious permission: "don't allow it to execute arbitrary commands" (i.e. format C:\ ).
The downside is that mod authors would have to make sure that their mods complied with the generic policy, or instructed the user on the 'elevated privileges' that they require to operate.
Personally, I've always felt that Forge should isolate each mod in its own ClassLoader, which:
provides the starting point for this type of security
reduces the chances for conflicts between mods (I don't know how many times I've run into problems where multiple mods all include some 'standard' mod's API (like ComputerCraft or IC2) but all slightly different versions)
makes it much easier to 'turn on' and 'turn off' mods
makes it much easier to identify a mod during runtime (i.e. a client/server profiler that tells you which mod is causing all the lag)
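The Protection Domain approach sketched in the post, as an added example that is not Forge code or part of the original post: mod code runs under a restricted AccessControlContext that grants read access to the mod's own folder and nothing else, so an attempt to execute an external program is refused by the SecurityManager. The `mods/example-mod` path and the `ModSandbox`/`runAsMod` names are assumptions; in a real loader each mod's classes would be defined by their own ClassLoader with this domain attached. Caveat: the SecurityManager is deprecated for removal since JDK 17, and JDK 18+ needs `-Djava.security.manager=allow` to install one at runtime.

```java
import java.io.File;
import java.io.FilePermission;
import java.security.*;

// Added illustration (hypothetical, not Forge code): confine a mod's code to a
// ProtectionDomain that can read only its own directory.
public class ModSandbox {

    // Permission set one mod gets: recursive read of its folder, nothing else.
    static AccessControlContext restrictedContext(File modDir) {
        Permissions perms = new Permissions();
        perms.add(new FilePermission(modDir.getAbsolutePath() + File.separator + "-", "read"));
        // Two-arg constructor = static permissions; the Policy is not consulted.
        ProtectionDomain domain = new ProtectionDomain(null, perms);
        // Checks intersect this context with the caller's, so it can only reduce privilege.
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // Run mod code with no more than the restricted context's permissions.
    static <T> T runAsMod(File modDir, PrivilegedAction<T> modCode) {
        return AccessController.doPrivileged(modCode, restrictedContext(modDir));
    }

    public static void main(String[] args) {
        // Grant the launcher itself everything so only the mod's domain limits checks.
        Policy.setPolicy(new Policy() {
            @Override public boolean implies(ProtectionDomain d, Permission p) { return true; }
        });
        System.setSecurityManager(new SecurityManager()); // turn permission checks on
        File modDir = new File("mods/example-mod");      // hypothetical mod folder

        // Allowed: reading a file inside the mod's own directory.
        runAsMod(modDir, () -> {
            AccessController.checkPermission(
                new FilePermission(new File(modDir, "config.cfg").getAbsolutePath(), "read"));
            System.out.println("read inside mod dir: allowed");
            return null;
        });

        // Denied: the same mod asking to execute an external program.
        try {
            runAsMod(modDir, () -> {
                AccessController.checkPermission(new FilePermission("<<ALL FILES>>", "execute"));
                return null;
            });
        } catch (SecurityException e) {
            System.out.println("execute external program: denied (" + e.getMessage() + ")");
        }
    }
}
```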