Truth: I didn't even bother looking at the script
Truth: I probably know what it does
Description: runs commands typed into a web browser
Truth: these commands are then run as the httpd daemon username, on Unix this is probably 'nobody'. In this case you can _ONLY_ execute commands with o+x, and _ONLY_ read files with o+r, and _ONLY_ modify files with o+w (duh?)
Truth: this script idea is about 10 years old
Truth: if you're really paranoid about this script then do one of a couple things: 1) look into user mode linux 2) chroot 3) stop web hosting, because worrying about this is like worrying about whether or not your win2k box is secure - it's just dumb.
Sorry, that's my opinion
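
To see what the web server account could actually reach if a command-running script like the one discussed above executed under it, this added example (not part of the original post) walks a directory tree and reports the regular files that account can read, write or execute. It goes beyond the post's o+r/o+w/o+x case by applying the full owner/group/other rule; the uid/gid 65534 for 'nobody' is an assumption, and ACLs are not considered.

```python
import os
import stat

def effective_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to the account for this inode.

    Classic Unix rule: owner bits if the uid matches, else group bits if any
    gid matches, else the 'other' bits. POSIX ACLs are ignored.
    """
    mode = st.st_mode
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_tree(root, uid, gids):
    """Return {path: 'rwx'-style string} for regular files under root that the
    account can read, write or execute. Subdirectories the account cannot
    traverse (no x bit) are pruned, since files below them are unreachable.
    The permissions of root itself are not checked."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [
            d for d in dirnames
            if effective_bits(os.lstat(os.path.join(dirpath, d)), uid, gids) & 1
        ]
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            bits = effective_bits(st, uid, gids)
            if bits:
                findings[path] = "".join(
                    c if bits & b else "-" for c, b in (("r", 4), ("w", 2), ("x", 1))
                )
    return findings

if __name__ == "__main__":
    import sys
    # 65534 is a common uid/gid for 'nobody' (assumption; check /etc/passwd).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, perms in sorted(audit_tree(root, 65534, {65534}).items()):
        if "w" in perms:  # writable files are the ones worth tightening first
            print(perms, path)
```

Run as a script with a document root as the argument, it prints only the files the assumed account could modify.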
