I really really really should have looked at the code for this a little closer before I agreed to add a few bits of functionality to it. It was probably my enthusiasm about being paid once again to code that got me in trouble.
*Much later after I noticed this tab in Safari*
I guess it's not so bad. I mean, it IS bad, but not as "blood gushing from the eyes" bad as I thought at first. Any web app that uses a frontend script to exec() another script based on user input needs a dose of CGI::Application or some such module. I hope I can find my copy of the rhino book.