The top "Is Using eval In Python A Bad Practice?" answer gives 4 reasons why eval is bad:
- There is almost always a better way to do it
- Very dangerous and insecure
- Makes debugging difficult
- Slow
`eval` is particularly bad from a security point of view if any part of the string is fetched from user input, and sanitizing untrusted user input/trying to secure eval is usually worthless, but as others have mentioned it's far from the only bug of its class. Deserializing untrusted/user input, say from pickle or json/yml/xml, including deserializing arbitrary objects, has a similar security problem.
As arguments 1/3/4 point out, eval is usually considered a suboptimal solution even besides the security problems, which can usually be avoided (by not using it with strings generated by user input) with a bit of consideration (although this can be a problem when it's an implementation detail that can be easy to miss).
It's usually considered better code/more maintainable to use other Python features to implement the same thing if possible.
Nevertheless it can be useful: namedtuple in the std library is implemented using ~~eval~~ exec (which is similar).
Someone else mentioned a comparison to goto, which is also "too powerful" in some ways but can be quite useful (but only in C).
I've used it to develop useful debug functions and Ruby-like string interpolation for my code.