But if he intervenes at this point it will spoil the emergent complexity of the community, and hence the beauty he has created per his revolutionary treatise "Hackers and Painters"
This is just a natural consequence of Hacker News not being a free market. The state controls of the karma system practically guarantee inefficiency in the free exchange of ideas. We need to stop subsidizing mediocrity.
The fact that the author was able to manipulate values 2 pages after the form he modified pretty strongly implies that those values were used on the backend, however.
I think people's confusion lies in the fact that there are actually two separate areas where javascript is run in Phantom: one is the javascript that controls Phantom and has a filesystem API; the other is the javascript that gets run inside the browser sandbox as part of the web page, just like any other javascript run in any other browser. It is possible to set up a bridge between the two such that the latter can issue commands to the former, just as you can curl sites and pipe them into bash. The point is that with default settings you can use PhantomJS to load a website without any danger whatsoever.
If you disagree, please write a more worthwhile comment showing me which part of the API is dangerous.
