The title refers to scripting, I'm not gonna hand over the reins to anybody! :P
Basically what I have in mind (and have gotten seemingly working great) is that cards and "Actions"(the concept of which is a WIP) is a hybrid between hardocding and scripting in that you write the cards as full-fledged C# ( I could potentially allow other .NET languages down the line) classes that inherit from a base class and you can reference and use any code exposed by a project called "Sharpening_Exposed" (How witty) . However, the card files aren't compiled together with the actual program but only when (for "Actions") the program loads or (for "Cards") when they are used in a deck. This lets you have both the code flexibility of hardcoded cards and the plug-and-play-ity of scripts.
There are some safety concerns, of course, like "What's stopping a card code from accessing the filesystem and network to steal data in a maliciously tampered distribution?". I'll tell you what: A whole lot of AppDomain voodoo that's been my headache for a while. >_> Basically, an AppDomain is an isolated area of code that operates with certain permissions. Fully trusted code can do anything, but I've taken away all permissions except code execution from the AppDomain that will run the compiled cards and "Actions" so all that happens if they try something like that is a SecurityException will be thrown.
Mind you, that's a *very* brief overview. ;)