Your design choices should not try to override what information is presented to the user solely on constructing a LiQL query. When using restadmin you should keep that principle in mind even more front and center. Think of restadmin as the exec() equivalent, just b/c it's there doesn't mean it's safe to use for every situation (unless you absolutely know what you are doing).
You have raised some very astute points, thanks for a very exciting and well informed discussion on this important topic. Feel free to open up a Support case and if you like I can call you to discuss further.
And last but not least, sorry for a shameless plug but I'm hiring a Lead Security Engineer, do you know anyone? Your kind of skill set and knowledge is essential to be successful at this role (based in San Francisco, CA).
-Faisal
