diff -ruN ruby-1.8.4.orig/eval.c ruby-1.8.4/eval.c
--- ruby-1.8.4.orig/eval.c	2005-12-20 22:41:47.000000000 +0900
+++ ruby-1.8.4/eval.c	2006-07-20 18:33:50.000000000 +0900
@@ -2097,7 +2097,8 @@
 	}
     }
     st_insert(RCLASS(klass)->m_tbl, name,
-      (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin), orig->nd_noex));
+	     (st_data_t)NEW_METHOD(NEW_FBODY(body, def, origin),
+				   NOEX_WITH_SAFE(orig->nd_noex)));
     if (singleton) {
 	rb_funcall(singleton, singleton_added, 1, ID2SYM(name));
     }
@@ -5638,6 +5639,11 @@
     TMP_PROTECT;
     volatile int safe = -1;
 
+    if (NOEX_SAFE(flags) > ruby_safe_level &&
+       !(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
+       rb_raise(rb_eSecurityError, "calling insecure method: %s",
+		rb_id2name(id));
+    }
     switch (ruby_iter->iter) {
       case ITER_PRE:
       case ITER_PAS:
@@ -5742,10 +5748,6 @@
 	    b2 = body = body->nd_next;
 
 	    if (NOEX_SAFE(flags) > ruby_safe_level) {
-		if (!(flags&NOEX_TAINTED) && ruby_safe_level == 0 && NOEX_SAFE(flags) > 2) {
-		    rb_raise(rb_eSecurityError, "calling insecure method: %s",
-			     rb_id2name(id));
-		}
 		safe = ruby_safe_level;
 		ruby_safe_level = NOEX_SAFE(flags);
 	    }