[eluser]Pascal Kriete[/eluser]
There are no inherent security risks as long as you remember your naming conventions. For example, since you know that they migh have quotes, you'll know to make sure that you need to form_prep before adding the name to a form.
You don't need to hack the class though. You could either extend the class and change it, or simply set the variable after loading it:
Quote:$this->cart->product_name_rules .= '\(\)'; // add parens to valid product names
It's not a bug, but it should probably be noted in the docs.
Thanks.