Answer from cs61c-et (Bryant Chae 14937777) for Question 1
A person could exploit this by sending in data that seems like it is just harmless integers or floats, but in reallity the person could be sending in instructions that could be potentially harmful.
One possible way to prevent this is by protecting this data from user manipulation.