Security can be indeed be tough to assess, though there is one automatic disqualier that's easy to check: Do the scripts survive taint checking?

Slightly harder, but still doable, is to inspect each file open to verify that any filenames that have been passed in have been correctly de-tainted. (I.e., did the programmer really taint check, or did they do the minimal to make the warning go away?)

The rest is application specific.