Safe means that I can trust the data because it is not able to be tampered with (tainted) by user input - malicious or otherwise.
I am looking for a discussion on which of the apache vars -can- be tainted so that I know what I am getting myself into should I decide to use them. I am especially interested in those vars that are seemingly secure but have a nasty backdoor (because they are the rogues that get you later).
I'll check out the links above...

Thanks
Alex