Board Thread:General Discussion/@comment--20150814190019/@comment-24473195-20150815102953

There are several problems with simply trusting users:


 * Ignorant users can cause problems without even knowing about it (e.g. visual editor not working because of javascript (Thread:822694))


 * People copy/pasting or importing script without truly understanding it can  expose exploits. Those are the worst offenders in fact.


 * The fact that many wikis could have been used and abused for several years even a decade without anybody being aware of it.

There are more developers using mediawiki and wikia than one might expect. If Wikia has 300,000 wikis with one user and just 0.1/100 of those are developers, that would mean there are already 300 developers around.
 * Authors updating or changing the original code without warning anyone and causing problems or exploits because these are updated automatically.
 * Being able to create scripts doesn't mean one is aware of security problems related to that code. Someone could easily code a perfectly useful code that has many exploits, and this has happened in dev.wiki.
 * Even simple performance issues that can be solved by regular users are left unattended for years (proof).
 * A wiki is awful for code-editing/review . There is no possibility of Sanity_check, no proper lint,  no way to comment or highlight problems in specific lines, and edits can be immediately saved even if there are  serious problems.
 * A wiki is awful for code-editing/review . There is no possibility of Sanity_check, no proper lint,  no way to comment or highlight problems in specific lines, and edits can be immediately saved even if there are  serious problems.

A relevant discussion by  MediaWiki software engineers, developers, and users:

https://phabricator.wikimedia.org/T71445

Edit: added more info...