$ grep -r 'eval(' codeigniter/ | wc -l
20


Version 1.7.1. From the changelog: Fixed an arbitrary script execution security flaw

Well, who would have expected that?