Comment 8 for bug 1005921

Thierry Carrez (ttx) wrote :

@gholt: Like I explained in previous comments, there is no clear vulnerability for you to fix here, just an area of the code that could use some extra security auditing, and/or code changes to be sure to always quote/unquote rather than relying on the function caller to do so.

Let's see if the auditors can come up with a specific exploitable case first -- if they can't, we'll open up this bug and potentially strengthen the functions around that in public patches.