Script Access from YUI files should require whitelisting the available functions

[shdwcat]

Right now, YUI can execute any script, or any method on an object in the data context. In a released game this is obviously a huge security problem, so script access should require whitelisting, such that only the scripts allowed by the developer can be run.

[shdwcat]

This might be better solved by planned 'embedding' feature, though might still need to be solved to support UI modding (but that's way in the future)