I don't disagree with anything you said as its possible, but you can easily protect yourself from such injections, and your concern with the use of web fetches is ridiculous unless the person who wrote the code purposely left the snippet open to attacks as mIRC doesn't evaluate anything in the buffer