diff --git a/assets/opencomputers/lua/kernel.lua b/assets/opencomputers/lua/kernel.lua
index ff0af0d2b..d59e97f93 100644
--- a/assets/opencomputers/lua/kernel.lua
+++ b/assets/opencomputers/lua/kernel.lua
@@ -66,8 +66,10 @@ sandbox = {
   end,
   ipairs = ipairs,
   load = function(ld, source, mode, env)
-    assert((mode or "t") == "t", "unsupported mode")
-    return load(ld, source, "t", env or sandbox)
+    if not allowBytecode() then
+      mode = "t"
+    end
+    return load(ld, source, mode, env or sandbox)
   end,
   loadfile = nil, -- in lib/base.lua
   next = next,
diff --git a/li/cil/oc/Settings.scala b/li/cil/oc/Settings.scala
index 9b54b2478..51de063c4 100644
--- a/li/cil/oc/Settings.scala
+++ b/li/cil/oc/Settings.scala
@@ -42,6 +42,7 @@ class Settings(config: Config) {
   val canComputersBeOwned = config.getBoolean("computer.canComputersBeOwned")
   val maxUsers = config.getInt("computer.maxUsers") max 0
   val maxUsernameLength = config.getInt("computer.maxUsernameLength") max 0
+  val allowBytecode = config.getBoolean("computer.allowBytecode")
 
   // ----------------------------------------------------------------------- //
   // robot
diff --git a/li/cil/oc/server/component/Computer.scala b/li/cil/oc/server/component/Computer.scala
index c4fcedb65..e7271a642 100644
--- a/li/cil/oc/server/component/Computer.scala
+++ b/li/cil/oc/server/component/Computer.scala
@@ -965,6 +965,13 @@ class Computer(val owner: tileentity.Computer) extends ManagedComponent with Con
       })
       lua.setGlobal("print")
 
+      // Whether bytecode may be loaded directly.
+      lua.pushScalaFunction(lua => {
+        lua.pushBoolean(Settings.get.allowBytecode)
+        1
+      })
+      lua.setGlobal("allowBytecode")
+
       // How long programs may run without yielding before we stop them.
       lua.pushNumber(Settings.get.timeout)
       lua.setGlobal("timeout")
diff --git a/reference.conf b/reference.conf
index 01ebeb380..84f59da85 100644
--- a/reference.conf
+++ b/reference.conf
@@ -72,6 +72,14 @@ opencomputers {
       # already running - they'll have to be rebooted for this to take effect.
       timeout: 1.0
 
+      # Whether to allow loading precompiled bytecode via Lua's `load` function,
+      # or related functions (`loadfile`, `dofile`). Enable this only if you
+      # absolutely trust all users on your server and all Lua code you run. This
+      # can be a MASSIVE SECURITY RISK, since precompiled code can easily be
+      # used for exploits, running arbitrary code on the real server! I cannot
+      # stress this enough: only enable this is you know what you're doing.
+      allowBytecode: false
+
       # The time in seconds to wait after a computer has been restored before it
       # continues to run. This is meant to allow the world around the computer
       # to settle, avoiding issues such as components in neighboring chunks