Hi David,
I've been using Lilypond for a few years, and only yesterday learned about the point-and-click feature in pdf output. In particular, I had no idea that by default Lilypond includes absolute pathnames to local source files on my system as metadata in the pdf output files. So when I uploaded a couple of files to IMSLP recently, that metadata was available for all to see.
The Notation Reference states (https://lilypond.org/doc/v2.23/Documentation/usage/configuring-the-system-for-point-and-click):
"Point and click functionality is enabled by default when creating PDF or SVG files."
"Note: You should always turn off point and click in any LilyPond files to be distributed to avoid including path information about your computer in the PDF file, which can pose a security risk."
I agree that these statements make for a gloomy combination by today's standards of increased awareness for computer security issues.
Wouldn't it be more reasonable to switch point-and-click off by default? My argument would be that in Frescobaldi, it's trivial to accommodate such a change, and non-Frescobaldi users who are able to set up a point-and-click-ready system of their own should also be perfectly able to make point-and-click the default on their system if they want to. Even more so since there's \pointAndClickOn, making it trivial to enable the feature for individual files without having to mess with command line parameters.
Lukas
