You say ... that it's amazing
I'm fairly certain that what the other anon meant is "<sarcasm>amazing</sarcasm>", in which case he/she isn't contradicting him/herself.
The fix highlighted in your post only breaks back compatibility for those with fatal warnings enabled
No, at least not as of 4.13; the warning is unconditional and not fatal:
$ perl -MCGI -sE 'say $CGI::VERSION'
4.13
$ perl -MCGI -E 'no warnings; my $x=CGI->new; $,=", ";
say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, this can l
+ead to vulnerabilities. See the warning in "Fetching the value or val
+ues of a single named parameter" at /opt/perl5.20/lib/site_perl/5.20.
+0/CGI.pm line 437.
foo, bar
didnt die
$ perl -MCGI -E 'use warnings; my $x=CGI->new; $,=", ";
say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, ...
foo, bar
didnt die
$ perl -MCGI -E 'use warnings FATAL=>"all"; my $x=CGI->new;
$,=", "; say $x->param("x"); say "didnt die"' -- x=foo x=bar
CGI::param called in list context from package main line 1, ...
foo, bar
didnt die
Assuming you're the current maintainer: if you want warnings that the user of CGI can enable, disable and make fatal themselves, you should be using warnings::warnif() with warnings::register instead of warn.
BTW, 4.13 is showing up on search.cpan.org as an unauthorized release.