I've been considering having my showcase app load demos dynamically from GitHub gists. Basically I'd point it at my GitHub account, it'd find gists with a certain name, get the jar from each, load up the demos (via plf4j) , show source and README.md. That way I can add and update demos without pushing new versions of the entire app out. How concerned about that approach would you be from a security point of view?