There seems to be a battle of paradigms brewing and I think its important to choose sides.
Clojure (and Lisp in general) seem to endorse the homoiconicity principle. Code is data and data is code, in both form and function. I can extend my «program» with forms «on the fly» and this of course raises some serious security concerns. Will this be Clojure’s major drawback? Will we move from naive «so 20th century» stack overflows to «31337» symbol replacement exploits?
OTOH, the incumbent security paradigm cries for clean and absolute separation of «code» and «data». For Christ’s sake, this is even implemented in Ring-0 and the hardware!
But what the heck, once you’ve given ‘eval’ to the rest of the world via all the scripting languages out there then I guess the genie is already out of the bottle…