in reply to Security with Uploading CSV to update database
I'd say you should make sure that neither a parameter nor the file's content can be used against your script in a harmful way, by checking thoroughly for their correctness; that is, don't make the assumption that it will always be a CSV file you're getting.
To find anything like a deeper security issue, I for one would need a bit of code to grep through ;-), other monks will be more helpful I suppose (me being a scribe still... both here in the monastery and in using Perl)
regards,
tomte
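
One way to check an upload before it reaches the database, as an added example that is not part of the original post or the poster's code. It assumes the CPAN module Text::CSV, a hypothetical three-column layout (id, email, quantity), and made-up size and row limits; `validate_csv` is a name chosen here.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Text::CSV;

# Assumed layout for this example: one allow-list pattern per column.
my @RULES = (
    qr/\A[0-9]{1,9}\z/,                                     # id
    qr/\A[A-Za-z0-9._%+-]{1,64}\@[A-Za-z0-9.-]{1,253}\z/,   # email (loose)
    qr/\A[0-9]{1,6}\z/,                                     # quantity
);
my $MAX_BYTES = 1_000_000;   # assumed upload size limit
my $MAX_ROWS  = 10_000;      # assumed row limit

# Returns (\@rows, undef) when every row passes, or (undef, $reason).
sub validate_csv {
    my ($content) = @_;
    return (undef, 'empty upload')     unless defined $content && length $content;
    return (undef, 'upload too large') if length($content) > $MAX_BYTES;
    return (undef, 'NUL byte in data') if $content =~ /\0/;

    my $csv = Text::CSV->new({ binary => 1, auto_diag => 0 })
        or return (undef, 'cannot create parser');
    open my $fh, '<', \$content or return (undef, 'cannot read upload');

    my @rows;
    while (my $row = $csv->getline($fh)) {
        my $n = @rows + 1;
        return (undef, 'too many rows') if $n > $MAX_ROWS;
        return (undef, "row $n: expected " . @RULES . ' fields')
            unless @$row == @RULES;
        for my $i (0 .. $#RULES) {
            return (undef, "row $n, field " . ($i + 1) . ': rejected')
                unless defined $row->[$i] && $row->[$i] =~ $RULES[$i];
        }
        push @rows, $row;
    }
    # getline returns undef at EOF and on a parse error; tell them apart.
    return (undef, 'malformed CSV: ' . $csv->error_diag) unless $csv->eof;
    return (\@rows, undef);   # hand these to the database via placeholders only
}

# Constructed sample inputs.
my %samples = (
    good   => "1,alice\@example.com,3\n2,bob\@example.com,10\n",
    bad    => "1,alice\@example.com,abc\n",
    notcsv => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR",
);
for my $name (sort keys %samples) {
    my ($rows, $err) = validate_csv($samples{$name});
    print "$name: ", ($err ? "rejected ($err)" : scalar(@$rows) . ' rows ok'), "\n";
}
```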