Doesn't the encrypted data on the vendors page come from customers? The encrypted data is coming from a customer who encrypts ruby code instead of their address. In fact they can even encrypt ruby code that puts their address after it is done with all of its networking. No it doesn't need to generate the code. Currently what I showed does check for a specific string and if it finds it it pipes the decrypted message to a ruby interpreter, which then runs it as a completely different script automatically. There are probably even more sneaky ways to do it without looking for a special string. We can not possibly know what it does without looking at it, that is the entire point of this thread. But honestly if you want to let the market decide I really don't give a shit. I think that you are thinking more with your wallet than logically though.