There is a lot of good news in here. This is as of the 1.3 branch:
- Dynamic scripting disable by default for security
- Moving from MVEL to Groovy
- Added Lucene Expressions
Here's an earlier article about scripting and script security.
I personally haven't done that much with ElasticSearch scripting, but I need to start playing with it to see how it can help. I'd encourage you to do the same.