Yes. In the past, there have been security issues related to custom JS, verbatim tags, and custom system messages. As such, Fandom disallowed use of the verbatim tag, restricted editing of system messages to the whitelist, and implemented the JS review process that requires a staff member to approve any custom JS used by a wiki.
The turning point was when a hacker managed to use some custom JS and whatnot to create a convincing fake login page and managed to steal the login credentials of hundreds of users including a staff member. They then used the staff account to wreak havoc across the server. I don't know the full list of offenses but it included deleting some major wikis.