I want to confuse my element names with my application variables... one way of looking at it is a deliberate, controlled extension of my application's namespace to include the HTML form.

And the day someone returns a form variable that happens to overwrite your value of $authorized with 1 for a critical application, you are toast. This already generated a CERT warning for a PHP application... why repeat history with Perl when it is so easily avoided?

In the security biz, we repeat two mantra:

• Do not let your data become code.
• Do not let your code become data.

The wise one pays attention to both, with rigor.

-- Randal L. Schwartz, Perl hacker