Thread:User talk:MaxSem/Extension:Runphp page/ru/reply

Attacker doesn't need to have access to a site with this extension, the only thing he needs to know is its URL, then he can construct a link like http://example.com/wiki/api.php?action=parse&text= whackSiteDown;  and trick an admin into clicking on it. No way, in no environment this can be acceptable to use, hosting a page for this extension would be like publishing a suicide how-to.