Makes use of tempfile.mktemp
Several modules in src/calibre/
self.__write_to = tempfile.mktemp()
and the self.__write_to is referenced later in process_pict, where it is opened like this --> (line 145)
and data is copied into the file (if it is to be copied)
which ends up calling shutil.copyfile which will end up copying the pict.data file to the self.__write_to file location. As self.__write_to maybe a symbolic link, this may mean that another user file maybe over-written (e.g. ~/.bashrc).