For programs that do not require access to an X11 display, you could also work around the problem of not really trusting the code to not do anything that isn't in your best interest by using `sudo` (or `su` or `setpriv` or ...) to change to an unprivileged account.
Or by having the (non-script) executable file have the SUID bit set and be owned by an unprivileged account on the system.
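A check for the second option, as an added example that is not part of the original text: it reports whether a file is an executable with the SUID bit set, is not a `#!` script, and is owned by an account other than UID 0. The function name `check_suid_drop` and its verdict words are made up for this example.

```shell
#!/bin/sh
# Added example: audit a file that is meant to run under an unprivileged
# account by way of the SUID bit. Prints one verdict word and returns
# 0 only for "ok". Names and verdict words are hypothetical.
check_suid_drop() {
    f=$1

    # Must be an existing regular file with an execute bit.
    if [ ! -f "$f" ] || [ ! -x "$f" ]; then
        echo not-executable; return 1
    fi

    # -u is true when the set-user-ID bit is set on the file.
    if [ ! -u "$f" ]; then
        echo no-suid; return 1
    fi

    # Linux ignores the SUID bit on "#!" scripts, which is why the
    # file has to be a real (non-script) executable.
    if [ "$(head -c 2 -- "$f" 2>/dev/null)" = '#!' ]; then
        echo script; return 1
    fi

    # Numeric owner is field 3 of "ls -n". An owner of UID 0 would
    # raise privileges instead of dropping them.
    owner=$(ls -ldn -- "$f" | awk '{print $3}')
    if [ "$owner" -eq 0 ]; then
        echo root-owned; return 1
    fi

    echo ok
}

# Stand-alone use: pass the path of the file to audit.
if [ "$#" -gt 0 ]; then
    check_suid_drop "$1"
fi
```

The check does not look at mount options; a filesystem mounted `nosuid` ignores the bit even when every test here passes.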