Peter Bex writes:
I somehow overlooked the addition of "read-line", which I think might be a bad idea considering it does not support a limit of how much to read (allowing user input to cause an out of memory situation, leading to denial of service). Luckily, a limit as optional second argument is a pretty straightforward extension which my favorite Scheme [Chicken] already supports.
The very old and standard procedure read also does not support any kind of limit, and it would need several: a sequence length limit, a nesting depth limit, a bignum size limit, and a character name length limit. A library could easily be created with attack-safe versions of read and read-line, or as you say it could be an extension.