Disabling a user's ability to do those commands from the command line won't help as much as you think.. Those with malicious intent could just start supplying the actual .ini or .mrc and tell people how to load them (or the other methods sat mentioned while I was writing this). As long as mIRC has a scripting engine at all, it will be possible to trick people that don't know what they are doing. But if mIRC scripting were to be removed, I bet that around 90% of users wouldn't upgrade to that. Kind of a catch-22, isn't it?
Btw, it isn't really right to say that these users are stupid. Too trusting? Sure. Don't know what they are doing? Absolutely. But no new user knows what they are doing right off the bat.
Look at it this way: the experience of being taken advantage of might actually be good for them! When they find out what they did (likely through being banned a few times) they may learn to be more careful, and will not be likely to do it again. Khaled just needs to make sure that these scripts cannot do permanent damage, and a lot of that has been done with the lock settings.
Don't get me wrong -- these spamming scripts are annoying, and I would be happy if they went away. But if that is all they do, I think that is worth someone learning a valuable life lesson in the end.
