Just found it in the 3DS MAX 2019 Help:
Security and Protecting Against Malicious Code
I want to ask Autodesk developers: “Are you guys serious?”
“…Only two things are infinite, the universe and human stupidity, and I’m not sure about the former…”
these two recommendations i like most:
When installing 3rd party plugins, make sure that the installed files are digitally signed with a certificate issued by a reputable source, such as VeriSign.
Never run an unknown MAXScript or Python file without first inspecting it for signs of malicious or suspicious code.
I am particularly amused by the last recommendation, bearing in mind that for many years Autodesk has provoked this problem (and continues do it), supporting and actually encouraging the development and distribution of encrypted scripts