Our assumption is that external expansion rules are coded safely and we only need to be careful if the sandboxed code defines expansion rules.