Any exploits through eval?


harmor
Mon 5th Mar '07, 6:17pm
There have been discussions about eval saying how bad it is. What I want to know is: was there ever an exploit on vBulletin through eval?

Scott MacVicar
Mon 5th Mar '07, 7:10pm
There was, back in the version 2 days, thanks to the joys of register_globals. If we forgot to initialise a variable and it was directly injected into the eval call, then it was possible.

We don't do this in any of the vB3 code that I can think of off the top of my head. Every eval call is performed on the results from the template fetcher.
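
The pattern described in the reply above, as an added example that is not part of the thread and is not vBulletin code: a variable that only one branch assigns reaches eval, and initialising it closes the gap. The function, variable and parameter names are hypothetical, and `extract()` stands in for register_globals, which current PHP no longer has.

```php
<?php
// Added illustration, not vBulletin code; every name here is hypothetical.

function render_page(array $request, bool $loggedIn, bool $initialise): string
{
    // Stand-in for register_globals: request parameters become variables.
    // EXTR_SKIP keeps variables the script already set, because script
    // assignments always ran after the globals had been registered.
    extract($request, EXTR_SKIP);

    $out = 'Hello, guest';

    if ($initialise) {
        // The fix: assign a known value before any conditional use,
        // replacing whatever the request supplied.
        $snippet = '';
    }

    if ($loggedIn) {
        // The only place the script itself fills $snippet.
        $snippet = '$out = "Welcome back";';
    }

    // PHP 4 treated an unset variable as an empty string; "?? ''" only
    // avoids the undefined-variable warning on current PHP.
    eval($snippet ?? '');

    return $out;
}

// Constructed request: a parameter named after the forgotten variable.
$request = ['snippet' => '$out = "text chosen by the requester";'];

// Guest path, $snippet never initialised by the script.
echo render_page($request, false, false), "\n";
// Guest path, $snippet initialised before use.
echo render_page($request, false, true), "\n";
// Logged-in path, the script's own assignment overwrites the request value.
echo render_page($request, true, false), "\n";
```

Only the first call evaluates text taken from the request; the other two evaluate a value the script assigned itself.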