Lightning support for eval() in Summer 18

After doing some digging, i realized that the enablement of eval() for locker service might be for a entirely different use case.

Every time you log in to a website, a session is established so you don’t have to log in again for every page load. The browser usually stores sessions in cookies and all cookies are stored in a “cookie jar.” Locker Service protects the cookie jar from unauthorized use, but previously had to disable “unsafe-eval” with Content Security Policy (CSP) to make that protection effective.

Beginning with Summer ‘18, Locker Service provides a safe eval() and a safe Function() to improve compatibility with third-party code while maintaining full protection, and turning on CSP doesn’t disable those APIs anymore. For example, templating engines can really improve the maintainability of a project when creating HTML. To accelerate the output, those engines often use Function() to produce a compiled version.

If your project depends directly on a templating engine (such as the one provided by the hugely popular underscore.js and lodash.js), or indirectly via another dependency (such as Backbone.js), Locker Service has you covered. Secure Function() will ensure everything runs normally, while at the same time preventing access to other namespaces or to the Lightning framework itself.

What's new in locker service

Based on the above here my guess is static resource might be your only option. I wouldn't suggest using eval() unless absolutely necessary for your use case!