If you have to trust the client, then your implementation is already broken.
Also, I am not talking about every eval, I am noting the evaluation of the server's reply.
This has been cussed and discussed ad nauseam in this thread. The solution is simple: if you do not trust the client
do not run the client.