to reiterate about security concerns...
To understand how Fallout 4's language, Papyrus, is NOT and CANNOT be a security risk, you have to understand how it works.
Firstly, it is a (mostly) proprietary language developed by a Bethesda employee. To my knowledge, it's used exclusively for Bethesda games and even then, only Skyrim and Fallout 4.
Papyrus *only* interacts with Fallout 4 during runtime by default. The only way to get around this is with script extenders or third party extensions like SKSE/F4SE, or JContainers for Skyrim. These are IMPOSSIBLE to use on a console, and IMPOSSIBLE to distribute through Bethesda.net's modding system.
What you are left with are .esp and .bsa files. .esp files are game settings and records. This is how you actually make mods. Game records can be anything from a sword to an NPC's greeting to an idle marker, literally anything and everything in the game is represented by a record, including game settings. .bsa files are archive files that hold assets such as textures, audio, scripts, and meshes. Attaching a script to an item, a quest, anything that makes it fire, requires a record.
The script itself can be written and compiled using either the CK or a third party program, but in the context of what the script does, it has a limited library of functions and events that are hard-coded into the .pex files (uncompiled script source files). These cannot be changed on consoles. Changing these to provide more functions and events is the goal of the Fallout 4 Script Extender which is CANNOT be used on console.
These functions and events are used only by the game because they're functions of the game. Functions like AddItem() (give the player an item), or SetStage() (set the stage of a quest), or Kill() (kill an NPC). This library of functions can NEVER be used for any kind of security breach; they are Fallout 4 scripts that only have a context in Papyrus and only work when drawing from Fallout 4's native library of functions. You can't just write a function in Papyrus that is HackPS4(), because the function doesn't exist and you cannot make one out of the existing functions. It ONLY interacts with Fallout 4 during runtime, it does not link to external libraries, and it cannot be used to do anything that isn't provided by Bethesda. Even if a modder wanted to make a new function that is actually relevant to the game (say a function to set an ArmorAddOn path), they can't.
There is absolutely 0% risk of security breach whatsoever from Papyrus, full stop. It is a completely safe scripting language for Fallout 4 and security concerns make no sense whatsoever. Sony was not worried about a security breach because they aren't a stupid company.