I wonder what would be a good model for a generic solution to this problem, which in reality affects pretty much any scriptable program.
Perhaps each piece of executable code should contain a common variable - say, SOURCEID - set to a UUID specific to a particular machine and security context (i.e. userid). Macro recorders would create this variable automatically, such as in the case of embedded code in spreadsheets.
Then, if the embedded SOURCEID matches the current SOURCEID the script runs without prompting. Otherwise, the software prompts you to run the script. ("This <data> contains foreign code. Run it? [No] [Yes] [Always]"). Selecting "Always" would change the file, replacing the original SOURCEID with your current SOURCEID, or you could simply edit the file manually if it's something like a plugin script.
This doesn't fix the Blender issue specifically unless you make the background process version assume [Yes]. It also doesn't address the issue that Linux has no machine UUID currently, unless you do something like use the one from the root filesystem. But there's certainly a hole in *nix security that assumes privilege separation stops at the user level.