There's been a bit of attention recently on these things. The big issue is people using " * " on the command line without prefixing with an "--" argument or simply "./*". If someone has managed to sneak in particularly evil filenames (that look like -options), then the unsuspecting user may be in for a surprise, for example tar'ing up a public upload directory.