
Can you explain why this is not ? Code injection in production environments is generally considered an easy attack vector. There are lots of CVEs around this in other language SDKs that have been ironed out over the last decade and a half. I don't think Common Lisp gets "special protection" here, or does it?

Unless you are restricting this to development only, in which case there are a lot more languages other than Common Lisp that support hot-reloading/redefinition.



> Lots of CVEs around this in other language SDKs that have been ironed out over the last decade and a half

Like what? The only notable one I know of is Log4Shell. And no one advocates not using Java because of RCE. Nor JavaScript, nor Python, nor Erlang. Compare with C...


You are loading code you wrote, not eval-ing untrusted user input. Common Lisp is actually safer than a lot of languages, in that Java, Python, JavaScript, etc. all do lots of runtime reflection and metaprogramming that leads to vulnerabilities, whereas Lisp metaprogramming happens at compile time and is therefore a lot safer.



