it turned out that Groovy has a vulnerability which allows formulas used in mind maps to remove security manager and be executed without restrictions.
To solve this issue I had to patch Groovy in Freeplane versions 1.5.20 and 1.6.1_18 .
I also submitted issue to Groovy team on the 23/Apr/17 . The issue report contains problem description, test cases and patch description.
Until now we have got not response. So if you agree with me that this problem is urgent, please vote for the issue so that it becomes more attention from Groovy developers. To give you vote you need to register you user account at the bug tracker.