What is eval() and why should you avoid it?
eval() runs a string as JavaScript. Avoid it.
Security — executing strings invites code injection.
Performance — prevents optimisation and runs slowly.
Maintainability — code hidden in strings is hard to read and debug.
Instead: use objects/maps for dynamic lookups, or JSON.parse for data — eval is almost never necessary.
Three reasons to avoid: security (code injection), performance (kills JIT optimization), debugging (hidden behavior). Three alternatives: JSON.parse (data), Function() (isolated execution), obj[prop] (dynamic access). 'eval is evil' is the common saying.