asp classic - Is eval and execute still dangerous in ASP/VBScript if no user-defined data get passed through them?


This is more of an "ethical" question than a technical question.

It's obvious why eval() and execute() are dangerous if you allow user-defined data/variables to be passed through them. However, I've gotten the vibe that use of these functions is frowned upon no matter what, and that they are to be used as a last resort.

Anyway, I've used them here and there when they can make coding more efficient and dynamic... but I make sure I know that what gets passed through the functions is controlled, and not user-defined. Would you consider this bad coding? Is there a way a hacker can take advantage of these functions if it's not reading anything defined by request or session variables or other user-defined data?

If you pass eval() or execute() purely your own string, without input the user can influence whatsoever, it should be safe. However, that renders a lot of the possibilities of eval() and execute() useless.

For example, it is tempting to use eval() and execute() for creating API-like functions, where the user calls a function in the querystring, and you simply eval() it instead of using a big select...case for every possible call.
I have seen it used in CSV parsing, where column names were mapped to recordset columns using eval(). Again, useful, but extremely dangerous, but you have demonstrated in your question that you are aware of that.

If you are absolutely sure the parsed code is under your complete control, it's powerful.
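
The querystring-dispatch case described in the answer above, as an added example that is not part of the original post: an allowlist table resolved with `GetRef` gives the same dynamic call without parsing request text as code. The handler names, the `action` and `arg` parameters and the `TryDispatch` helper are hypothetical.

```vbscript
<%@ Language="VBScript" %>
<%
Option Explicit

' Pattern the answer warns about (left as a comment, not executed):
'   result = Eval(Request.QueryString("action"))
' The query string is parsed as VBScript, so the caller decides what runs.

' Hypothetical handlers this page is willing to expose.
Function Api_ServerTime(arg)
    Api_ServerTime = CStr(Now())
End Function

Function Api_Echo(arg)
    Api_Echo = arg
End Function

' Allowlist: public action name -> procedure name.
' Only these fixed strings ever reach GetRef.
Dim handlers
Set handlers = Server.CreateObject("Scripting.Dictionary")
handlers.CompareMode = vbTextCompare   ' "Echo" and "echo" are one action
handlers.Add "time", "Api_ServerTime"
handlers.Add "echo", "Api_Echo"

' Returns True and fills result when action is allowlisted.
Function TryDispatch(action, arg, ByRef result)
    Dim fn
    TryDispatch = False
    If Not handlers.Exists(action) Then Exit Function
    Set fn = GetRef(handlers(action))   ' name comes from the table, not the request
    result = fn(arg)                    ' arg is passed as data, never parsed as code
    TryDispatch = True
End Function

Dim action, arg, result
action = Trim(Request.QueryString("action") & "")
arg = Request.QueryString("arg") & ""

If TryDispatch(action, arg, result) Then
    Response.Write Server.HTMLEncode(result)
Else
    Response.Status = "400 Bad Request"
    Response.Write "Unknown action"
End If
%>
```

Adding a new API call means adding one handler and one table entry, so the set of reachable procedures stays reviewable in a single place.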

