Why did it get such a low score despite enabling arbitrary code execution?