in reply to Re: Extra CGI.pm safety by stripping \x00 bytes?
in thread Extra CGI.pm safety by stripping \x00 bytes?

OK - thanks for clarifying that for me. I understood the nature of the crack as described by Ovid in his node (and by others elsewhere on the web). In fact, I'm not anticipating sending anything to system(), and I'm tainting things.

However, when I send utf8 text to other external C programs (databases, for example, or sendmail), should I take special caution in those cases?
