in reply to Which apache $ENV are considered "safe"?

You can't trust %ENV! Just because you are inside Apache doesn't mean that Apache generated %ENV.

You can only trust a key inside %ENV after checking it. For example, write code that checks whether the format is safe, and then use the key (but no one does this, including me).

You touched on a good point for hacking some servers... Especially for persistent processes, like in mod_perl, where you can change the memory part of a key directly, since this memory part is there (or can be there) between HTTP queries too. (Especially on Win32)

Graciliano M. P.
"The creativity is the expression of the liberty".

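One way to implement the format check this reply describes, as an added example that is not part of the original post. The allow-listed keys, their patterns and the `checked_env` helper are assumptions chosen for illustration, and the sample hash is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed allow-list: key => pattern the whole value must match.
# \A and \z are used instead of ^ and $ so that a trailing newline
# cannot slip through. The capture group yields the untainted copy
# when the script runs under taint mode (-T).
my %FORMAT = (
    REQUEST_METHOD => qr/\A(GET|HEAD|POST)\z/,
    SERVER_PORT    => qr/\A([0-9]{1,5})\z/,
    REMOTE_ADDR    => qr/\A((?:[0-9]{1,3}\.){3}[0-9]{1,3})\z/,
    HTTP_HOST      => qr/\A([A-Za-z0-9][A-Za-z0-9.-]{0,252}(?::[0-9]{1,5})?)\z/,
);

# Return the checked value of one key, or nothing if the key is not
# on the allow-list, is missing, or fails its format or range check.
sub checked_env {
    my ($env, $key) = @_;
    my $re = $FORMAT{$key} or return;
    my $value = $env->{$key};
    return unless defined $value;
    return unless $value =~ $re;
    my $clean = $1;

    # Range checks the patterns alone do not express.
    return if $key eq 'SERVER_PORT' && ($clean < 1 || $clean > 65535);
    return if $key eq 'REMOTE_ADDR' && grep { $_ > 255 } split /\./, $clean;
    return $clean;
}

# Constructed sample environment (not captured from a real server).
my %sample = (
    REQUEST_METHOD => 'GET',
    SERVER_PORT    => '70000',                          # out of range
    REMOTE_ADDR    => '192.0.2.10',
    HTTP_HOST      => "example.test\r\nX-Injected: 1",  # embedded CRLF
    PATH           => '/tmp/evil:/usr/bin',             # not on the allow-list
);

for my $key (sort keys %sample) {
    my $v = checked_env(\%sample, $key);
    printf "%-15s %s\n", $key, defined $v ? "ok: $v" : 'rejected';
}
```

In a real handler the first argument would be `\%ENV`, and code would use only the returned copy, never the original hash entry.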