Hi,Such an attack may be more theoretical than real, but my preference would be that if a script's logic should be accessible from the command line and the web interface, to put the logic in the API and have the CGI and CLI scripts just be thin wrappers.