Careful thought about that venerable security hole:
in reply to Two-arg open() considered dangerous
demonstrates the truth of what you say. Essentially any API which make data and metadata easily confused should be viewed with suspicion.
But given that the 3 argument open is not documented as of 5.005_03, I would be cautious about suggesting that people use it in any code whose use is meant to be portable. People will have to use sysopen instead, but now you have to go through extra hoops to pull in the right values of your flags from Fcntl.