Disallowing remote code by default could be considered a benefit, but disallowing me from saying "I trust this one particular source of remote code; please let it execute" is most definitely not.