Do you really think that Matt's code is easy to read? I think it looks horrible. It's massively overcomplicated, it's full of outdated Perl 4 idioms and it doesn't make any use of modules which would reduce it in length by about a half.

But my biggest problem with it is the number of people who have written other bad code following Matt's example. I'd guess that at least half of the broken, hand-coded CGI parsers that I see are based on Matt's code.

Update: It's also worth noting that whilst the latest version of Matt's formmail is (as far as I can see) free from security holes, older versions that are famously insecure are still in use on hundreds of web servers.

I know that the nms versions of the program are more secure and better written. I hope that they are also easier to read.

I'm pretty certain that the "un-webify" code that is everywhere came from some early Matt program.

?J\

No notes, no documentation, and a lot of it went beyond 100 characters per line (so I cannot even print it out to make it readable).

There are some cool things Perltidy can do, but break apart 100+ character strings/reg-expressions is not one of them.

A lot of perl code is bad perl code.

I've seen 500+ line loops in about 30% of the perl code I see. The lack of use strict is worse. No one writes tests; unit or otherwise. Documentation is restricted to crypic comments in the source than often guard against conditions that no longer apply, or are flat out wrong.

It's easy to blame the coders, but management let it into production in that state...