Build Security

It doesn’t even have to be a transmute or anything, an unsandboxed procmacro can just extern "C" { fn open(…); } and call OS APIs directly. Hiding stds wrappers doesn’t change that at all. A proper sandbox is the only way to go.