Code signing was on my mind for a long time. Any security related question is no panacea, but with careful consideration I think this can bring some benefits for multiple scenarios. Scripting languages basically run whatever code you point them to. In server scenario there is an obvious vector of attack where attacker uploads a malicious script and calls it or injects malicious code into your script files. Programs on the client could have a need for this too. When an update comes, it helps if the code won't run if it was not signed by the same developer. This doesn't work just for scripts. With Rye's "code is data" we also have live code. Live code (sometimes of a specific limited dialect or in specific limited context) can come over the wire or data can come over the vire and it could benefit from being digitally signed. You can see example of this in my blogpost about mobile code . Storing/retrieving data could also benefit, for example to prevent manual cha...