> But I could’ve sworn I’d read somewhere that this at least wasn’t suggested

Maybe you’re thinking about the use of untrusted bytecode? Loading it is strongly discouraged because that’s insecure - Lua has nothing like a bytecode verifier.