Interesting - I'm kinda counting on PDF.js, which is used for PDF rendering, on doing it safely, but of course that doesn't always have to be the case. Do you have any thoughts on how to make this safer?
some other method of collection where you can hav eknown trust of the files contributed, some method of 'registering' a submission to create trust,