[SigScanner]

Why SourceMod have functions like StoreToAddress? Is default function set is not enough? Allowing people write anywhere like placing shellcodes and executing them is bad idea. I think it's huge security hole

[hmmmmm]

They're sometimes used to bytepatch functions to modify the game behaviour, so they do have a real use-case in the context of being able to write in executable sections. I do think you are right about the risk of people using it for writing malicious code though.

[Oshizu]

We already can load DLLs (extensions) which potentially could do much more harm if misued (just use __asm or memcpy/memset and you get same behavior too!), and besides that, SourceMod license requires you to provide source code along with .smx, same goes for extensions.
Its like calling windows 10's ability to run executables a security hole.

Just don't run shady plugins without .sp or extensions without source code the same way you wouldn't run unknown .exe files on your pc. And besides those would be violating SM License.