BitTorrent is written in Python, and has very safe, conservative ways of calling everything native, so in general I'm fairly confident that it doesn't have the sort of rampant security problems which plague the standard spaghetti code written in C. But there are a few potential problems which still give me nightmares. The biggest one is calling open(). When you open a file handle which includes in its name some data passed in over the wire, what file is really being opened? The honest answer is, I have no idea. Filename semantics are non-cross-platform, poorly documented, and communicated via an opaque string. Unicode extensions make the problem even worse.
If you would like to do something to improve the security of the world, please make a library for accessing files which exposes what file will be opened by a given call in a coherent, cross-platform, unicode-supporting, and easy-to-understand way. I would love to use such a thing, but it currently doesn't exist.
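One way to get part of what that paragraph asks for, as an added example that is not BitTorrent's code and not a library that exists: instead of handing the wire-supplied name straight to open(), decode it, split it under an explicit, platform-independent policy, compute the absolute path that open() would really use, and refuse anything whose resolved path leaves the download directory. The function names, the policy, and the sample names below are this example's own assumptions; the base directory `/srv/downloads` is constructed and need not exist.

```python
import os
import re
import unicodedata


class UnsafePath(ValueError):
    """A wire-supplied name would not stay inside the download directory."""


# Names Windows treats as devices regardless of directory or extension
# (CON, NUL, COM1..COM9, LPT1..LPT9, ...). Rejected on every platform so the
# outcome does not depend on where the client happens to run.
_WINDOWS_DEVICES = ({'CON', 'PRN', 'AUX', 'NUL'}
                    | {f'COM{i}' for i in range(1, 10)}
                    | {f'LPT{i}' for i in range(1, 10)})


def split_wire_name(wire_name):
    """Decode and split an untrusted name into path components, or raise UnsafePath.

    Assumed policy (this example's, not BitTorrent's): strict UTF-8, no NUL
    bytes or control characters, relative names only, no '..' components,
    both '/' and '\\' count as separators, no Windows device names.
    """
    if isinstance(wire_name, bytes):
        try:
            wire_name = wire_name.decode('utf-8')
        except UnicodeDecodeError:
            raise UnsafePath('name is not valid UTF-8') from None
    if any(ord(c) < 0x20 or c == '\x7f' for c in wire_name):
        raise UnsafePath('control character or NUL byte in name')
    # One canonical spelling per name, so two encodings of the same
    # characters cannot validate as one file and open as another.
    wire_name = unicodedata.normalize('NFC', wire_name)
    if wire_name.startswith(('/', '\\')) or re.match(r'^[A-Za-z]:', wire_name):
        raise UnsafePath('absolute, UNC or drive-qualified path')
    parts = [p for p in re.split(r'[\\/]', wire_name) if p not in ('', '.')]
    if not parts:
        raise UnsafePath('empty name')
    for p in parts:
        if p == '..':
            raise UnsafePath("'..' component")
        if p.split('.')[0].upper() in _WINDOWS_DEVICES:
            raise UnsafePath('Windows device name')
    return parts


def resolve_untrusted_path(base_dir, wire_name):
    """Return the absolute path open() would really use for wire_name under base_dir."""
    parts = split_wire_name(wire_name)
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, *parts))
    # realpath follows symlinks, so a link already present under base_dir
    # that points outside it is caught here, not only textual '..' escapes.
    if os.path.commonpath([base, target]) != base:
        raise UnsafePath('resolves outside base directory')
    return target


def is_safe_name(base_dir, wire_name):
    """Boolean form of resolve_untrusted_path, for filtering a file list."""
    try:
        resolve_untrusted_path(base_dir, wire_name)
        return True
    except UnsafePath:
        return False


def open_untrusted(base_dir, wire_name, mode='rb'):
    """Call open() only on a path that has been computed and checked first."""
    return open(resolve_untrusted_path(base_dir, wire_name), mode)


if __name__ == '__main__':
    # Constructed sample names, as they might appear in a torrent's file list.
    samples = [b'movie/part1.mkv', 'caf\u00e9.txt', b'../../etc/passwd',
               b'docs\\..\\..\\x', b'/etc/passwd', b'C:\\boot.ini',
               b'a\x00.txt', b'NUL.txt', b'\xff\xfe']
    for name in samples:
        try:
            print(f'{name!r:28} -> {resolve_untrusted_path("/srv/downloads", name)}')
        except UnsafePath as err:
            print(f'{name!r:28} -> REJECTED ({err})')
```

The check is done on the resolved path rather than on the string, which is the point of the passage above: the string is not the file. Every reject here is a conservative policy decision, not a claim about what a particular platform would have done with the name.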
I'd like to point out that I've taken steps to fix this problem in BitTorrent, and that it isn't alone in having this problem - it's a ubiquitous problem which I suspect is more often handled wrong than right. I'm just using it as an example, since it's a project which has taken security very seriously and yet still encounters difficulty here.
