Can someone explain to me the point of placing a possible path to the password file in the "new username" ($nu_name) field? Wouldn't that only pay off if that input were used somewhere in an open call, which seems highly unlikely? In fact, I'd only see a point in attempting a SQL injection attack at this point (any users named foo' OR 'a'='a out there?)

I think you'd be a fool to think that the [id://pmdev]s on PerlMonks left any obvious security holes. That's not to say there's never been a security breach here before!