The biggest security concern with
print `date` is not that system's
date binary has been trojaned. If that were the case, you're already screwed. I'd be more concerned that combined with some sort of path munging, an entirely different file named
date could be executed. If it used an absolute path name, I dont think there would be much of a security concern at all. i.e.
print `/bin/date` would be a step in the right direction.
From a coding standpoint, shelling out trivial things like this is a performance hit, and I'd flag it in any program that wasn't a throwaway. Of course, virtualsue, only advocated it for use in quick 'n dirty stuff anyway.
-Blake