Userdata is unsafe

[tomaka]

Right now hlua checks type safety by writing the TypeId of the userdata in the index __typeid of its metatable.
However this could be easily modified by the library user or even maybe by a Lua script.

Of course it would be very stupid for a user to modify the value in __typeid. If all actors cooperate, then there's no unsafety. But safety is all or nothing. If for example you write a Lua REPL with hlua and take user input, then there is a security leak here.

[tomaka]

One solution would be to never push a T alone, but always a (TypeId, T) instead.
Hlua's API would transparently add or remove the TypeId whenever you push or load a userdata.

Since reading a userdata expects a TypeId, this idea can only work if the user has no way of writing a userdata without that TypeId.