The permissions doesn't make it clear that it's using php. Instead of "use drupal executor" something like "execute php in Drupal executor" might be better.
drupal_executor_ajax is vulnerable to CSRF. HTTP referrers can be spoofed. I suggest using a token system - see http://drupalscout.com/tags/csrf for details.
You should add a dependency on php.module in core, that's a typical way to provide this feature.
Instead of doing your own output buffering and using eval, you should rely on http://api.drupal.org/api/drupal/includes--common.inc/function/drupal_ev...
All that said, you could also consider abandoning this module because devel module already has this functionality as this issue suggests: #1316052: Explain the difference from Devel's "Execute PHP Code".
Comments
Comment #1
grisendo CreditAttribution: grisendo commentedThank you very much for the suggestions.
I will try to apply all of them, I have some doubts:
Thank you!
Comment #2
gregglesThe benefit of making a dependency on php.module is that things like http://drupal.org/project/paranoia will block php.module. So if your module relies on and uses that code then people who block php.module will know that your module cannot run on their systems.
If the "execute php" feature of devel is not good enough then the solution should be to work to improve it rather than duplicating it.
Comment #3
grisendo CreditAttribution: grisendo commentedObsolete/Abandoned project