Ok. A bit safer.
I have never really considered the implications of eval or Function() much. What with never needing to evaluate source code like that in anything I have done.
Seems to me tough that the problem with all this is not that eval or Function are insecure in themselves. The problem is when one is wanting to evaluate stings as source when those strings come from some totally unknown, untrusted, source. Much the same as running random binary executables, laden with malware, that one has snagged off the net or installing the from an App Store.