You could take a look at SELÖVE, a (severely out of date) fork of LÖVE that is intended to make it safe to run arbitrary .love games. (It used to be on bitbucket, but it looks like it's gone? I'm not sure if I have the repo locally :/)
Running arbitrary code was such a problem that I just completely ruled it out for bitser. Instead of serializing functions, you can register safe functions as resources. This doesn't solve the upvalue problem, though.
Not exactly. The headline is a bit misleading imho: the article doesn't say that CO2 uptake by plants is up by 31%, rather that new estimates of the CO2 uptake by plants is 31% higher than previous estimates. That doesn't preclude a temporary collapse of carbon absorption (related mostly to forest fires as far as I can tell).
It's very possible that if you showed me the MapHub UI eight years ago, I'd have intuited that I'd need to save manually---I can't tell for sure. I am definitely aware that the way I engage with software nowadays is very different than when I started using computers in the early 2000s, and I don't doubt it is still evolving due to the changing conventions in UI and functionality.
I work with files every day, and I'm not sure I would have realised I'd needed to save manually with the original MapHub UI either. A web-based interface that looks like that, I expect it to be transparent. If it'd had three icons (the classic blank page, open folder and floppy disk) in the top left, then I'd assume it would need manual saving. (I'm not saying that's what you need to do, just analysing my own intuitions)
Anything that needs to be read over the phone should probably be written out using something like the NATO phonetic alphabet, split into smaller chunks if needed: "The code? It's kilo eight niner; one three mike; delta echo lima."
The client sends the encrypted (via HTTPS) but not hashed password to the server, both for changing your password and checking your password. So the server receives the password in plaintext but shouldn't store it.
Whatever the client sends to the server, an attacker can send too.