Thank you very much for your reply pludi.
>If the HTTP server is configured wrong and doesn't recognize the scripts as executables, and serves the content instead
I guess this isn't a problem, since
http://domain/script.pl executes.
>If another application on the same server is vulnerable to relative path errors, eg instead of calling /xyz/cgi-bin/script.pl
Could you give me an example of such an application?
>If you've got a script that uses templates with variables passed through POST. Those could be set also via GET and potentially serve content you wanted hidden
I'll keep this in mind when I'm building forms and passing variables.
Thanks again,
Dave