org-attach-directory should be safe to set as a file local or directory local string.
This allows the user to set a directory local attachment directory for all Org files in a directory tree recursively. I do not believe there are any security issues to enable arbitrary Org files to set org-attach-directory to a string value as the user would have to explicitly initiate any attach operations. The most dangerous thing I can think of is an Org file setting the attachment directory to the user's home directory and the user running the command to delete all attachments.

Note that org-attach already allows setting the attachment directory on a headline basis, this would just allow setting the attachment directory on a file or directory basis. It can be argued that the existing functionality makes it more visible if a malicious Org file sets a dangerous attachment path (a property on the headline vs a file local variable or dir-locals file).

org-attach already mentions that deleting all attachments is potentially dangerous and recommends deleting through Dired. Deleting through Dired would make it impossible for a user to not notice that a malicious Org file has set the attachment directory to something undesirable.

Emacs  : GNU Emacs 25.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.19)
 of 2017-09-16
Package: Org mode version 9.1.3 (9.1.3-10-gadfbfd-elpaplus @ /home/ionasal/.emacs.d/elpa/org-plus-contrib-20171127/)
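One way the proposal could be declared in an init file, as an added example that is not part of this report: instead of accepting any string, the predicate only accepts relative paths that stay inside the Org file's own tree, which covers the home-directory case mentioned above. The function name my/org-attach-safe-directory-p and the .dir-locals.el value are assumptions.

```elisp
;; Added example, not from the original report.  Declares
;; `org-attach-directory' safe as a file-local / directory-local variable,
;; but with a predicate stricter than `stringp'.

(defun my/org-attach-safe-directory-p (value)
  "Return non-nil if VALUE is an acceptable local `org-attach-directory'.
Accept only a non-empty string naming a relative path without a `..'
component, so a file-local variable or .dir-locals.el cannot point
attachments at the home directory or anywhere outside the Org tree.
`file-name-absolute-p' already treats \"~...\" as absolute."
  (and (stringp value)
       (> (length value) 0)
       (not (file-name-absolute-p value))
       (not (member ".." (split-string value "/" t)))))

;; Register the predicate; values failing it are still offered to the
;; user via the usual unsafe-local-variable prompt rather than applied.
(put 'org-attach-directory 'safe-local-variable
     #'my/org-attach-safe-directory-p)

;; Constructed .dir-locals.el for a directory tree of Org files:
;;   ((org-mode . ((org-attach-directory . "attachments"))))
;; With the predicate above, "attachments" is applied silently, while a
;; value such as "~" or "/home/user" triggers the confirmation prompt.
```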