Why is this an issue?
The name eval is short for "evaluate". The function takes a string containing JavaScript code, then evaluates and runs it for you.
eval("2 + 3"); // 5
You can evaluate a simple expression, like the one above, or an entire block of JavaScript code.
eval("var x = 1; var y = 2; function sum() {return x+y+1; } sum();"); // 4
Reasons to avoid using eval
Malicious code: if you use eval server-side and a user submits an infinite loop, it can make the server unavailable.
Slowness: the JavaScript language is designed to work with several JavaScript types (numbers, functions, objects, etc.). Using eval forces JavaScript to interpret all commands from a string, which is slower than normal JavaScript code.
Maintenance: debugging can be problematic because you can't find line numbers for errors in evaluated code.
Vulnerability: improper use of eval opens up your code to injection attacks.
Best practices
eval should always be avoided. If it is really needed for some reason, try to use GlideEvaluator instead.
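Added example, not part of the original page and not a platform API: where eval would only be used to compute an arithmetic expression such as "2 + 3", a small parser can do the job. The hypothetical safeCalc below accepts numbers, operators and parentheses only, so loops and injected statements are rejected instead of executed.

```javascript
// Added example: evaluate arithmetic without eval().
// safeCalc is a hypothetical helper name, not a platform API.
function safeCalc(input) {
  if (typeof input !== "string" || input.length > 200) {
    throw new Error("rejected: expected a string of at most 200 characters");
  }
  // Numbers, operators and parentheses become tokens; any other
  // non-space character becomes a one-character token the parser rejects.
  const tokens = input.match(/\d+(?:\.\d+)?|[-+*\/()]|\S/g) || [];
  let i = 0;

  function primary() {              // number, unary minus or ( expr )
    const t = tokens[i++];
    if (t === "(") {
      const v = expr();
      if (tokens[i++] !== ")") throw new Error("rejected: missing ')'");
      return v;
    }
    if (t === "-") return -primary();
    if (/^\d/.test(t || "")) return Number(t);
    throw new Error("rejected: unexpected token " + JSON.stringify(t));
  }
  function term() {                 // handles * and /
    let v = primary();
    while (tokens[i] === "*" || tokens[i] === "/") {
      v = tokens[i++] === "*" ? v * primary() : v / primary();
    }
    return v;
  }
  function expr() {                 // handles + and -
    let v = term();
    while (tokens[i] === "+" || tokens[i] === "-") {
      v = tokens[i++] === "+" ? v + term() : v - term();
    }
    return v;
  }

  const result = expr();
  if (i < tokens.length) {
    throw new Error("rejected: unexpected token " + JSON.stringify(tokens[i]));
  }
  return result;
}

// Constructed sample inputs: the page's two eval examples plus a loop.
for (const s of ["2 + 3", "(1 + 2) * 4 - 6 / 3", "while(true){}",
                 "var x = 1; var y = 2; function sum() {return x+y+1; } sum();"]) {
  try { console.log(s, "=>", safeCalc(s)); }
  catch (e) { console.log(s, "=>", e.message); }
}
```

The input is never executed as code: it is only tokenized and parsed, and the length cap bounds both the work done and the recursion depth.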