Why should exec() and eval() be avoided?

Happy的楠姐 2020-11-22 00:16

I've seen this multiple times in multiple places, but never have found a satisfying explanation as to why this should be the case.

So, hopefully, one will be prese

11 Answers
  •  轮回少年
    2020-11-22 00:55

    # eval() accepts only expressions; a string of statements needs exec()
    s = "import shutil; shutil.rmtree('/nonexisting')"
    exec(s)
    

    Now assume somebody can control s from a web application, for example.

    Don't try to do this on your computer
