I'm going to pick on superclass_delegating_reader from ActiveSupport 2.3.5 for an example of unsafe metaprogramming.
In general, anytime you use eval with a string created by interpolating arguments, you need to be sure that the string created is valid ruby code.
Now, for most cases, this will work just fine. But take a few seconds to look at this method and see if you can spot some safety issues.
(10 secs) Alright, let's consider what happens if name contains a character valid in a method name, but not valid in a literal, such as a space?