It depends. If the various strings can still somehow be concatenated into words, then it may be possible to execute lambda functions:
loadstring [[
(function()
print('insert malicious code here')
end)()
]]()
So you should definitely still use some sort of blacklist to filter out keywords to prevent that from happening; especially for, while, and repeat since they can infinitely loop to freeze the server.
Also, always override the loadstring environment.
local f = loadstring[[return game]]
setfenv(f, {})
print(f()) --nil