A crash is really not the point. More like messing up a users config, calling random functions of other add-ons (for example, you could use one of the RTB supports scripts to get a tcp object or have access to the eval function, etc) and other things that aren't instantly noticed. Maybe even sneak in another backdoor through the downloaded script. You could even give some players a different file based on their bl_id or whatever.
All of that is hidden of course. All the user ever sees is "Do you want to download shinyeffects.cs" > Yes > "File has been approved and is secure" > Yes > Shiny effects appear on screen
This add-on is a giant security risk for players that don't know what they're doing and just download it because they want to join your server, and you cannot fix it. If you want to have a custom client with an auto updater only for you, there is no problem at all. Just release it as a seperate add-on.
Also please note that I'm not trying to attack your server or whatever. The gamemode is great and the gui looks really nice. But the way you chose to distribute it is beyond horrible.