I've written script, which is an alternative of custom achievements (except automating process). It allows to create new badges and give them to users. All badges are on their own module in rail, which is showing on user page and message wall.
Why am I asking for help with reviewing? Script's config is out of .js page - I'm keeping all data in json format on Project:Medal page, because all editing like add badge to user or create new badge will not be passed through the JS review and we're not wasting our time for waiting. But script can have security holes - that's what I'm asking you to check. There is my script - User:Kopcap94/badge.js. Also you can check out it on my sandbox - w:c:ru.siegenax.
Thanks in advance!