Just to return it on topic :)

Here a link on my favorite article about possible security holes in Perl CGI scripts which do not filter properly input data (particulary filenames).

--
Ilya Martynov (http://martynov.org/)