For the most part, doesn't this "security danger" simply come down more to the vetting of parameters passed to functions, rather than the functions themselves? I mean, with the use of taint mode (-T), such an open statement would not be allowed as it (presumably) represents a passed parameter which has not been vetted prior to its passing onto open.
I do however agree with you most heartedly on the matter of sysopen() - A most underused and useful function ...
perl -e 's&&rob@cowsnet.com.au&&&split/[@.]/&&s&.com.&_&&&print'
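
An added illustration of the taint-mode and sysopen points raised above (not code from this thread; the file names, the allowlist pattern and the helper `vet_filename` are assumptions made for the example). It shows an unvetted value being refused by a write-mode `open` under `-T`, then the same value vetted and passed to `sysopen` with explicit flags:

```perl
#!/usr/bin/perl -T
# Added example; run as: perl -T taint_open.pl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Scalar::Util qw(tainted);

die "run this with -T\n" unless ${^TAINT};

# Constructed input: file names as they might arrive from a form field.
# Appending an empty slice of "$0$^X" (tainted under -T) marks each value
# tainted, so the script needs no real external input.
my $taint = substr("$0$^X", 0, 0);
my @raw   = map { $_ . $taint } ('report-2024.txt', '../../etc/passwd', '|id');

# Vetting: allowlist of plain file names, no path separators, no leading
# dot, dash or pipe. A regex capture is how taint mode untaints a value.
sub vet_filename {
    my ($name) = @_;
    return $name =~ /\A([A-Za-z0-9_][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

for my $raw (@raw) {
    print "input '$raw' (tainted: ", (tainted($raw) ? "yes" : "no"), ")\n";

    # 1. Unvetted value: taint mode aborts a write-mode open before the
    #    file is touched. (perlsec documents that read-only opens of
    #    tainted names are not checked, so vetting is still needed there.)
    my $ok = eval { open(my $fh, '>', $raw); 1 };
    print "  open '>' unvetted: ", ($ok ? "allowed\n" : "refused: $@");

    # 2. Vetted value with sysopen: the name is never parsed for mode
    #    characters, O_EXCL refuses to reuse an existing file or symlink,
    #    and the permission bits are stated explicitly.
    my $safe = vet_filename($raw);
    unless (defined $safe) {
        print "  vetting: rejected\n";
        next;
    }
    if (sysopen(my $out, $safe, O_WRONLY | O_CREAT | O_EXCL, 0600)) {
        print {$out} "written via sysopen\n";
        close($out) or die "close: $!";
        print "  sysopen vetted: created $safe\n";
        unlink($safe);    # clean up the demo file
    } else {
        print "  sysopen vetted: $!\n";    # e.g. file already exists
    }
}
```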