The former happens a lot when people try to block specific commands for sudo, instead of taking a "permit these only" approach. If your sudoers file says you can access "all these commands but not cat", the site points out that you can still use base64 to accomplish the same ends. The effective solution is to start from "you can run exactly these commands and no others", which at least allows you to reason about what the user can and can't do.