Wait. You want to protect against a root who runs some-program-he-doesn't-really-know * in a directory with world write access, without looking at the content of the directory?
in reply to Re^2: magic-diamond <> behavior -- WHAT?!
in thread magic-diamond <> behavior -- WHAT?!
Isn't it easier to fix scripts that rely on magic open after they stop working, then to fix scripts that work perfectly, except that they could ruin your system.
I'd say the person with root access is a way bigger problem to your system than magical open.