docs(bytecode): document trusted input boundary

README.md

@@ -1578,6 +1578,8 @@ func main() {
 
 ### Bytecode Compiler
 
+QuickJS bytecode should only be loaded from trusted input produced by this library or another trusted writer. It is not a safe interchange format for untrusted data, and loading hostile bytecode may lead to memory corruption in the underlying engine.
+
 ```go
 package main
 

README_zh-cn.md

@@ -1573,6 +1573,8 @@ func main() {
 
 ### 字节码编译器
 
+QuickJS 字节码只应从本库生成的可信输入，或其他可信写入方生成的输入中加载。它不是面向不可信数据的安全交换格式；加载恶意字节码可能导致底层引擎发生内存破坏。
+
 ```go
 package main
 

context.go

@@ -986,7 +986,10 @@ func (ctx *Context) CompileModule(filePath string, moduleName string, opts ...Ev
 	return ctx.CompileFile(filePath, opts...)
 }
 
-// LoadModuleByteCode returns a js value with given bytecode and module name.
+// LoadModuleBytecode returns a js value from the given bytecode.
+// Only load bytecode produced by a trusted source. QuickJS bytecode is not a
+// safe interchange format for untrusted data, and loading hostile bytecode
+// may lead to memory corruption in the underlying engine.
 func (ctx *Context) LoadModuleBytecode(buf []byte, opts ...EvalOption) *Value {
 	if !ctx.hasValidRef() {
 		return nil
@@ -1029,8 +1032,11 @@ func (ctx *Context) BootstrapBJSON() bool {
 	return C.js_init_module_bjson(ctx.ref, moduleName) != nil
 }
 
-// EvalBytecode returns a js value with given bytecode.
-// Need call Free() `quickjs.Value`'s returned by `Eval()` and `EvalFile()` and `EvalBytecode()`.
+// EvalBytecode returns a js value from the given bytecode.
+// Only load bytecode produced by a trusted source. QuickJS bytecode is not a
+// safe interchange format for untrusted data, and loading hostile bytecode
+// may lead to memory corruption in the underlying engine.
+// The caller must call Free() on the Value returned by EvalBytecode().
 func (ctx *Context) EvalBytecode(buf []byte) *Value {
 	if !ctx.hasValidRef() {
 		return nil