"Base64 disabled for security reasons"

Base64 is to convert jpg into binary codes attached into text input and decide to transform it back to image.

Another application is to encode serialized data to kinda preserve UTF-8 properties. (Saw that somewhere before)

And we totally don't use it.

Is used for many things, regarding Richard's post, base64 is used often to obfuscate malicious PHP code then is injected in a website's source and decoded just before runtime.
A web hosting company would most likely disable this function on shared hosts which are mainly used by amateurs that don't know much coding or how to make use of this function. Chances are if you don't know what it is or how it works you don't need it. AFAIK Fusion doesn't make use of such functions.

But I have seen it in themes and perhaps other addons...?

Searching here gives above 45 results.

Grimloch: https://www.php-fusion.co.uk/forum/viewthread.php?thread_id=32638&highlight=base64&pid=178770#post_178770
Craig: https://www.php-fusion.co.uk/forum/viewthread.php?thread_id=35007&highlight=base64&pid=188418#post_188418
SkPacman: https://www.php-fusion.co.uk/forum/viewthread.php?thread_id=35718&highlight=base64&pid=192286#post_192286

I do of course not know whether these examples are relevant, only that they refer to base64 somehow.

Yeah, base64 encode have been used to store image into SQL when you enable WYSIWYG editor like CkEditor or TinyMCE. But it bloats your sql table. These are not recommended since it's slow. You can search for Google say base64 encode image.

Not worry, Richard, we are not doing it this way. We will spend time doing the proper way of Ajax upload plugins instead doing shortcut that way.

Joinnn also had explain it as well on other implementation.

The snippet by Craig is to prevent such code being used. So there are no implementation here.

Base64 encoded input will fail on default PHPFusion security anyway. It's not secure to enable it for users.

I appreciate the answer Hien. It is comforting. :G

May I stress that this information be added to out Coding Guidelines for Themes and Addons? To prevent anyone from doing it?

Well, they are valid codes, however bad medicine. In core, it will definitely strip these, and base 64encode wont go through.

But there could be a problem having it guidelined here. TinyMce and CkEditor may uses it for image embedding. But what we can do is to ensure our end does not accept it. You wil get error pop up saying bad value and such. Defender does not allow base64 encoded texts or serialized text go through form inputs. They will be automatically trimmed and outputs as plain text. Thats the baseline here. It wont work. :)

But 3rd party stuff.. they have to be inspected manually. if our coded guidlines is that all form posts must go though form sanitizer, and i could crash post should it is not done so, that is what we can do on our end.

Well, that could be an issue, since both Tiny and CK are widely used. We can not just block it.
Are you saying Defender will convert their code, or just block it?

Defender's job is to Sanitise automatically . I'm not sure myself because i have never encountered one doing base64 encode.