While the GroovyUpdaterClassLoader applies some blacklisting and compilation checks to prevent very obvious mistakes and misuse, it is still (too) easy to workaround this.
A bit more hardening against such easy workarounds can be applied.
Note though that it is not intended nor assumed that the GroovyUpdaterClassLoader provides a full blown and trusted Groovy security sandbox, guarding against all possible misuse.
Proper securing against misuse of the capabilities of Groovy in the context of Groovy Updater scripts relies on the usage and access to those scripts, e.g. to be limited to trusted developers and administrators only.