There is no difference in capability between a language with eval and a language without. You can always implement eval yourself in a language that doesn’t have it, although it is easier in some languages (Lisp) and harder in other languages (C). This is why we know it doesn’t add any new capabilities to a language.

Eval is generally considered “powerful but dangerous and unnecessary in production code”. If you ever get your source code reviewed, and it uses eval, you will have to get used to people telling you not to use eval. Usually, if you use eval, there is a more straightforward and safer way to accomplish the same task.

Security vulnerabilities

The eval function often leads to security vulnerabilities, such as in web applications. For example, in Python:

i = input('Enter a number> ')

The input function in Python prior to 3.x evaluates the user input, leading to security problems:

Enter a number> __import__('os').system('rm -rf $HOME') # DO NOT TRY THIS

This can be avoided in fully sandboxed runtimes, such as JavaScript, Lua, CLI, etc. However, in code that is not sandboxed, it is just too difficult to use eval safely.

REPL

The one glorious use of eval is the REPL, which is a useful tool for software development. In Google Chrome, you can bring a REPL up right now by pressing Ctrl+Shift+I — just start typing JavaScript in the box that comes up. Firefox and Safari both have REPLs too.

Why not include eval?

The eval function is usually incredibly complex. Including it in the standard library means that the library or runtime has to include a complete compiler or interpreter for the language, which is a hefty chunk of code. That’s why you usually see eval in languages that are typically interpreted or JITed — Lisp, Python, and JavaScript runtimes typically already include a complete compiler, so eval is no extra baggage.

Implementations of eval for C are real beasts, so they’re optional and shoved into libraries.