Sorry to bump an old thread, but it's worth noting that /flash also double evaluates content. This is what caused an exploit in PnP a while back.

Think it's worth making a sticky about /timer, /scon, /scid, /flash and any other potentially dangerous situations q?