The meaning of the security warning is that if you insist on having a filename, then there will be a file in the filesystem that other processes can find and look at. If you do not insist on having a filename then in many operating systems File::Temp will create and immediately unlink the temporary file. That gives you a file on disk which no other process can find, let alone read.

The advice on passing data to Perl programs is bad. It will work if people use a 2 argument open. But not if they use a 3 argument open. But as Two-arg open() considered dangerous points out, you really should use the 3 argument version, which will break that meme. Someone should submit a patch to improve the documentation. (If I remember, I'll do it from home tonight.)

Update: I remembered to send it in this morning.