i remember having put a check to avoid infinite recursion. i hope it's working
I see in your choice as a fault of possible safety(security), if by publishing(editing) a template we are not careful to verify that alias do not replace macro in a illicit way (by hostility), then I cannot trust to a tpl.
i don't fully understand your trust problem.
any script/template can destroy your hard disk and send personal data over the network to your attacker.
and all of this without replacing any existing macro.
macros ARE dangerous if written by someone else.
that's why i tried to restrict where the macros can come from.
how can you say that we would be safer than this if "replacing" was not allowed ?
sounds like making a car safer by wearing a sweater.