If you write shell scripts, you should check out Dave Taylor’s latest article in Linux Journal.
He gives key examples of what can go wrong if you don’t pay attention to certain things.
For example, if you have a dot in your PATH variable (especially at the start of it), you risk running a Trojan horse that someone has sneaked into your /tmp directory. If you want the dot, put it last.
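A quick way to check for this, as an added example rather than code from Dave Taylor's article: the function below classifies a PATH string by whether it contains a current-directory entry and whether that entry comes last. It goes slightly beyond the text by also treating empty entries (a leading, trailing or doubled colon) as the dot, since the shell searches the current directory for those too; the name classify_path is hypothetical.

```shell
#!/bin/sh
# Added example: classify a PATH string by its current-directory entries.
# classify_path is a hypothetical helper name, not from the article.
#
# Prints one of:
#   clean      no entry refers to the current directory
#   dot-last   the only such entry is the final one
#   dot-early  such an entry is searched before at least one other entry

classify_path() {
    # Append a colon so every entry, including an empty trailing one,
    # is terminated by a delimiter and the loop sees it.
    cp_rest="$1:"
    cp_verdict=clean

    while [ -n "$cp_rest" ]; do
        cp_entry=${cp_rest%%:*}   # text before the first colon
        cp_rest=${cp_rest#*:}     # everything after that colon

        case $cp_entry in
            ''|.)
                # An empty entry means "current directory", same as ".".
                if [ -n "$cp_rest" ]; then
                    # More entries follow, so the dot is searched first.
                    cp_verdict=dot-early
                elif [ "$cp_verdict" = clean ]; then
                    cp_verdict=dot-last
                fi
                ;;
        esac
    done

    printf '%s\n' "$cp_verdict"
}

# Report on the PATH this script was started with.
printf 'PATH check: %s\n' "$(classify_path "$PATH")"
```

A script can call this near the top and refuse to continue, or reset PATH to a known list of absolute directories, when the result is dot-early.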
Anyway, a simple, straightforward article with a few pieces of good advice: Writing Secure Shell Scripts