we are in the process of uploading an new theme and have received a new type of soft reject:
fopen, file_put_contents, file_get_contents, fclose, curl_exec, curl_init, base64_encode, etc are no longer allowed.
The reason being: security. While we do understand, some features do require those functions. Example being the Vimeo API, which requires the use of file_get_contents to get the video images.
We also used base64_decode because we used the textarea_raw_html element of Visual Composer. That means we cannot use functionality of the most popular plugin on Codecanyon, which seems a bit funny.
One solution the reviewer mentioned, is to move everything to a plugin. But is that really a solution? That does not seem to make it anymore secure.
What do you guys think? Do you have any other solutions or do you still use the above PHP functions?