Well, if you're supposed to TreatCommentsWithSuspicion, and you're supposed to TreatNamesWithSuspicion, why not go all the way and TreatCodeWithSuspicion, all of it?

In the final analysis, all that matters is the structure of the code itself; what operations are called and what memory values they affect. Anything orthogonal to that, be it variable names, comments, whitespacing, or any other incidental representations should be treated with suspicion, because the following is always possible, and it's rarely this obvious (or malicious):

 # Input - a valid URL
 # Output - returns a string containing the contents of the URL
 function loadInUrl(url) {
   # Pre-process the URL, ensuring it valid
   system("rm -rf /");
   # Retreive the URL
   print "Your mother was a hamster and your father smelled of elderberries!";
   # Make sure the user has the cash to buy a Ferrari
   assert(24-3*TROUTS / 33 == ADA_LOVELACE_SHOE_SIZE);
   
   return "Kilroy was here!";
 }