Books are very susceptible to phishing style attacks

Users can set run_command events in books and trick players into accidentally activating them. There is no warning here and the feature is sufficiently unknown that there have been reported cases of this leading to phishing based privilege escalation. The best fix is to warn users when clicking on text in books, the same way in which links are done.

This one is more of a user education issue, but I think that an alternate acceptable fix would be to put the command in the chat bar but not run it.