If there really *is* a security issue, I think it would NOT be a good idea to test that here on a production server, let alone a production site; better test it somewhere else, on a different machine.

This looks like an "asking for trouble" page to me...

Agreed. It's seems silly now ... but at the time I believe Roman was actively testing out security problems in the SandBox. So I figured it was better to give him someplace else try stuff out, rather than have him keep using the page that all newbies visit.