Just make sure he can't name any files to anything dangerous! Worst case scenario: he uploads a cgi script and has his way with your system.

-- Randal L. Schwartz, Perl hacker