That’s true, but it’s still pretty simple to fix. Just unban the players again.
Not if you don't have an incredible memory and can't remember every single person that you, or mods/admins, actually banned. Not if this is happening in the background and you don't even realize it's happening. Not if you don't have full access to the machine where the server is being run.
What specifically could happen that can’t already?
I've covered this a lot already. Here are some more things that they could do:
Gain OP powers that are irrevocable until the server owner figures out exactly what's going on, resets the map, then removes them from the OP list (at the same time, or the attacker can replace the command blocks, or the command blocks will reop the attacker)
Hold the map and backups hostage until a demand is met, potentially including permanent OP powers, or actual real life money
Do anything (and more) that the system owner could. Including using /debug to make files on the system, stopping or crashing the world whenever they want.
If it's a multiplayer server, then they have access to all of of the plugins, as I mentioned previously. You can easily get the server permanently banned from services like Votifier by abusing them. You can use the server's MCBans reputation to globally ban people you have a grudge against. You can change WorldGuard to unprotect the entire server. You can mess up the config of pretty much any plugin they have. All of this can be very hard to reverse.
If you stored their banned status in a scoreboard, it can be done in just one command.
That's a terrible solution. Then all they have to do is /scoreboard players set @a[rm=1] isBanned 1 and the server automatically bans everyone? How does this help? Now you have both everyone banned, and the system that you created yourself is constantly rebanning everyone on top of whatever they set up?
Saying that a feature shouldn’t be added because it might have bugs is ridiculous. Of course it might have bugs, everything does. That’s doesn’t mean it shouldn’t be added in the first place.
You are taking a small part of my argument, claiming that it is my reason why it shouldn't be added, then dismissing it without any reasoning other than "you're wrong, this is ridiculous". I'm not even saying that it shouldn't be added because it might have bugs, I'm mainly saying that it shouldn't be added because it does have massive vulnerabilities.
A bug is just one possible way to start exploiting this, on top of schematics, commands, custom maps, etc.. Minecraft is a buggy game, and bugs definitely do exist. You can't just easily make something attacker-proof as you are suggesting, because there are always modded clients and unexpected bugs.
It’s simple enough to have a clock teleporting players away from the command blocks so they don’t have access.
And then you turn command blocks off, break the command blocks, then turn command blocks back on. This is pretty much the worst extent of what you can currently do given you get access to command blocks, and it's very easy to fix.
Yeah, you’re right. I was thinking of being in a different gamemode, not being an OP. It’s rather odd that it works that way, that should be changed too.
Even in survival, all of the command block data is given to your client (and I believe it needs to be).
7, 8. You keep saying there are all these security holes. Can you provide an actual example?
Given above.
A good point. But the damage that could do relative to the cool things is could create is much larger than with my suggestion.
What "cool things"? You keep saying that, and I keep asking for examples that couldn't be done with . But, as you say:
I don’t have many uses in mind
In what realistic situation would you need to have a command block with /pardon-ip? Or /debug? All I see are malicious uses such as preventing admins from banning you, or spamming it to fill the server's drive.
For example, this could potentially replace any plugin which kicks or bans players. It could be used to create pseudo-hardcore on servers, banning players for a specific amount of time on death.
Which is, for this use, no different to teleporting the player to a jail cell (or constantly /killing them if you don't want them to talk). Other than perhaps being slightly nicer aesthetically, I don't see why this is worth all the risks.