In the documentation of JCasC, we must make explicit the fact that the administrator in charge of the configuration must trust the whole content that is loaded.

It could be through writing the configuration themself or rely on some PR reviews etc.