Emacs disagrees with you. Evaluation of untrusted Lisp in local-variable sections of files has been allowed by Emacs for decades: it just *shows you what the code is that it's going to run* when it asks you to run it. It's generally pretty obvious then if that's malicious.
(Of course, word-processor documents can contain whole libraries, too much code to show the user: perhaps *that* is the problem.)
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds