That can't be exploited.
The main things you have to watch out for are $readini, $read, /scon, /scid, /flash and /timer. If you $read() that file without using the 'n' flag, then identifiers within the file will be evaluated, which means people could use $findfile() to execute commands.
