What do you mean by "really know"? Do you saying that before running some program I should review the sources? Are you really always do that? And root access is not a requirement to fall into that trap, ordinary users, who don't even know what Perl is, also can run these scripts.

What do you mean by "really know"?

Heh, you introducted this root, not me:

Some of these scripts are run by root, and he may don't even know that they written in Perl, I don't think he checking that there are no files with | or < in their names.

And root access is not a requirement to fall into that trap, ordinary users, who don't even know what Perl is, also can run these scripts.

Running whatever * while not knowing what * expands to or what whatever does is dangerous regardless of the language whatever is written in. Disabling magic open in Perl isn't going to fix the potential problems with this technique.

It's like saying "let's turn all Toyotas into bumper cars, as there are people crossing the road with their eyes closed". That doesn't make crossing the road with your eyes closed safe - you still get run down by Fords and other cars.

Running whatever * while not knowing what * expands to

I always felt safe running grep something *, can you enlighten me how it can be dangerous?

or what whatever does

in this case question is how whatever is implemented

It's like saying "let's turn all Toyotas into bumper cars

It's like saying let's equip every Toyota with safety belts.