This seems like a perfectly reasonable restriction. Occasionally, when I've written quick and dirty scripts that have had to write files, I've written directly to the TOT directory, since it is easier. However, that stuff hasn't been meant to be used by the end users of scenarios. At the moment, if I'm paranoid, I can search for things in the code like 'os.execute' and 'io.write.' If the code is supposed to be writing stuff, then I have to figure out if what is being written is advertised, which could possibly be a bit more involved. What we might do, is write a library with all the possible things you could want to overwrite (or, that are considered 'allowed' to be overwritten). For example, overwrite.rules(newRulesName), overwrite.movpiece(newSoundName).