Security flaws allowing arbitrary code execution, arbitrary file access, or arbitrary sending of many, many e-mails in a short period of time with no way of tracing origin: either removal from listing until problems are fixed, or marked with "Serious Security Flaw" on the page where it's listed (not just the "detail" page).

This seems related to the tainting point. Should that point be reworded to something like: "Security. Implements valid checks on all user input for potential security breaches or other damage; prohibits arbitrary commands."?

Is portable. Exceptions given where script's function is inherently platform-specific. ( -1 if not portable to both Windows and UNIX, +1 for use of File::Spec instead of hard-coding "/", /\A.{1,2}\z/, etc. )

Hmmm. Submitted scripts (usually) list the platforms that the script has been tested with/developed for. Does anyone second the motion of point loss if it's not cross-platform?

Jasmine