For the most part, doesn't this "security danger" simply come down more to the vetting of parameters passed to functions, rather than the functions themselves? I mean, with the use of taint mode (-T), such an open statement would not be allowed as it (presumably) represents a passed parameter which has not been vetted prior to its passing onto open.
in reply to Two-arg open() considered dangerous
I do however agree with you most heartedly on the matter of sysopen() - A most underused and useful function ...
perl -e 'email@example.com&&&split/[@.]/&&s&.com.&_&&&print'