Thanks for the reply! It's nice to get some feedback on this node.

Going back to the original node, I see that the poster asked "how do I make an associative array that holds each of the variable names and its corresponding value?" There was never any question of symbolic references, or even of using CGI's import_names method. The original poster was simply using 'variable name' to mean 'parameter name'.

So, really, it seems that we agree. Accepting arbitrary parameters in a CGI script is not necessarily a security risk. It becomes a risk only if the parameters are handled in an unsafe way.