I work on a WYSIWYG plugin for DokuWiki that uses the CKEditor. It's been in use since FCKeditor days, and no one has ever raised any security before. But a user recently raised the question as to whether the Scayt spell checker was a security risk because of how it is implemented, i.e. passing textin parameters from the wiki to the Scayt servers in order to check spelling. On a public wiki this would not matter. But when a wiki is closed, internal to a company or on a personal LAN, does this potentially open up the closed wiki to a third party? I would appreciate any information or views.
For the complete exchange of views on this topic see: https://github.com/turnermm/ckgedit/issues/434