# How safe is loading scene files?


oblique dock

Hey there. I'm tinkering with Godot for an app I'm planning to make. One of the things I wanted is to make customization easy to do.

For this, I thought about loading scene files for each menu from a folder depending on what is specified in a configuration file.

For example, if the configuration file states to load a specific theme named pixelart, the app would look for menu.tscn in themes/pixelart/. The thing bugging me is how safe this approach is. If someone downloaded a malicious scene.tscn file, it could end badly.

I tend to overthink a lot of stuff, so I appreciate any feedback and ideas. Thanks for reading along, here, take this cupcake 🧁!

hallow patio

Depends on how you are gonna distribute the game.
Are you gonna give the source code? If yes, they can do anything with it. There's no need to protect. They can build anyway.

If you are only giving them the binary executable (exe, apk, etc.), the tscn/scn files won't be easily accessible unless they do some reverse engineering (rare).

On the other hand, they can try to read something from inside your game via the configuration file if you allow giving a file name/path (e.g., pixelart).
You should be sanitizing the configuration file before processing it anyways. Whitelisting and other sanitization methods (like string/path sanitization) can be found everywhere.

TLDR: Don't think too much while prototyping. Always try to sanitize whatever data you let your user/player provide (e.g., configuration file).
PS: Thx for the cupcake!
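
The whitelisting and path sanitization suggested in the reply above, sketched in GDScript as an added example that is not part of the original thread. It assumes Godot 4; the config path `user://settings.cfg`, the `[ui] theme` key, the `res://themes` layout, the `default` fallback theme and the function names are all hypothetical.

```gdscript
extends Node

# Assumed layout (not from the thread): res://themes/<name>/menu.tscn,
# with the user's choice stored in user://settings.cfg as [ui] theme="pixelart".
const THEMES_ROOT := "res://themes"
const DEFAULT_THEME := "default"  # hypothetical fallback theme

# Returns `requested` only if it is a plain directory name that exists
# directly under THEMES_ROOT; otherwise returns the fallback.
func resolve_theme(requested: String) -> String:
	# Path sanitization: refuse empty names, names with separators or other
	# characters invalid in a file name, and dot-names such as "." and "..".
	if requested.is_empty() or not requested.is_valid_filename():
		return DEFAULT_THEME
	if requested.begins_with("."):
		return DEFAULT_THEME
	# Allowlist: only directories that really exist under THEMES_ROOT.
	var allowed := DirAccess.get_directories_at(THEMES_ROOT)
	if not allowed.has(requested):
		return DEFAULT_THEME
	return requested

# Reads the configured theme name, validates it, and instantiates its menu.
func load_menu() -> Node:
	var cfg := ConfigFile.new()
	var requested := DEFAULT_THEME
	if cfg.load("user://settings.cfg") == OK:
		# The config file is user-controlled: coerce to String before checking.
		requested = str(cfg.get_value("ui", "theme", DEFAULT_THEME))
	var theme_name := resolve_theme(requested)
	# The file name is fixed by the app; only the validated directory varies.
	var path := "%s/%s/menu.tscn" % [THEMES_ROOT, theme_name]
	if not ResourceLoader.exists(path, "PackedScene"):
		push_warning("Theme '%s' has no menu.tscn" % theme_name)
		return null
	var scene := load(path) as PackedScene
	return scene.instantiate() if scene else null
```

This controls which file gets loaded, not what is inside it: a `.tscn` can carry built-in scripts that run when the scene is instantiated, so the check is only meaningful when the themes directory holds scenes you ship yourself.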