Yes, I do, and he does have a point. In some OSs, though, that attack won't work, as /tmp is a separate partition that is mounted as noexec, so you can't run code from there even by accident. Personally, I don't have . in my path and run stuff with ./ in front, but I know some people that do (and they are aware of the security issue), and I'm ambivalent on the issue myself.
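
A defensive audit of the two conditions this comment mentions, as an added example that is not part of the original post: it flags PATH entries that resolve against the current directory and reports whether /tmp is a separate noexec mount. It assumes the Linux /proc/mounts format; the function names, the sample PATH value and the sample mount table are constructed for illustration.

```bash
#!/bin/sh
# Added example: audit for "." in PATH and for a noexec /tmp.

# Print every PATH entry the shell resolves against the current directory:
# ".", an empty entry (leading, trailing or doubled colon), or a relative path.
risky_path_entries() {
    rest="$1:"                       # sentinel colon keeps a trailing empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}            # text before the first colon
        rest=${rest#*:}              # drop that entry and its colon
        case "$entry" in
            "")  printf '%s\n' "(empty)" ;;
            /*)  ;;                  # absolute path: not affected
            *)   printf '%s\n' "$entry" ;;
        esac
    done
    return 0
}

# mount_is_noexec MOUNTPOINT MOUNT_TABLE
# MOUNT_TABLE is text in /proc/mounts format (device mountpoint fstype options ...).
# Returns 0 if the last entry for MOUNTPOINT has noexec, 1 if it does not,
# 2 if MOUNTPOINT is not a separate mount (it inherits its parent's options).
mount_is_noexec() {
    opts=$(printf '%s\n' "$2" | awk -v mp="$1" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then return 2; fi
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed sample mount table, not taken from a real host.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0'

risky_path_entries "/usr/local/bin:.:/usr/bin::bin"   # constructed PATH value
if mount_is_noexec /tmp "$SAMPLE_MOUNTS"; then
    echo "/tmp: separate mount with noexec"
else
    echo "/tmp: executable, or not a separate mount"
fi
```

On a live Linux host, pass `"$PATH"` and `"$(cat /proc/mounts)"` in place of the constructed values.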