Please note that this is normal behavior, and it exists to protect you. When you execute a script from an existing Script instance or icon, the fully preprocessed source code to execute is first verified to match a cryptographic checksum (MD5 in current PixInsight versions). This guarantees that the code you are about to execute is exactly the same code that was executed when the icon was created or last updated. If the checksums mismatch, execution is forbidden by default. To execute a modified script from an icon, you have to clear the MD5 checksum manually (or, in other words, you have to assume all the responsibility for what will happen when you execute the modified code). Obviously, this happens when a new version of a script is released.
Scripts, because of the fact that they have to expose their source code necessarily, are good potential vectors to inject malicious code through scriptable applications. A script can be altered to use the PixInsight platform as a vehicle to distribute viruses, Trojans and other beasts, or even to damage the host machine irreparably. Bear in mind that the PixInsight JavaScript Runtime is very powerful, giving access to a lot of hardware and software resources, even more than many compiled languages. You can expect more security resources implemented to protect scripts in PixInsight during the 1.8.5 cycle.
