Should class.c's rb_scan_args initialize not provided optional arguments 
to NoValue (subclass of Nil and/or evaluates like nil). Now it's impossible
to differentiate was optional argument passed as Nil or was it missing
and it was initialized automagically to Nil.

----

variable.c rb_autoload_load
Untaints auto*magically*. Possible security problem?

#  html_form_param_really_from_browser = 'ruby_lib_intruder_want_to_use'
  autoload( html_form_param_param_really_from_browser )

-----

eval.c rb_provided
Q: why rb_f_require treats libfile.so and libfile.o equal but rb_provided
checks only for libfile.so.

Could this be (not important) optimization?:
	if (strcmp(f, feature) == 0) return Qtrue;
	len = strlen(feature);
	if (strncmp(f, feature, len) == 0
	    && (strcmp(f+len, ".rb") == 0 ||strcmp(f+len, ".so") == 0)) {
	    return Qtrue;
	}

Isn't first strncmp(f, feature, len) == 0 only if strcmp(f,feature) == 0.
And in that case we have returned already.

	if (strcmp(f, feature) == 0) return Qtrue;
	len = strlen(feature);
!	if (strcmp(f+len, ".rb") == 0 ||strcmp(f+len, ".so") == 0)) {
	    return Qtrue;
	}

---

eval.c dln.c dln_load
    char real_name[1024];
    strcpy(real_name, initfuncname);
    strcat(real_name, "__Fv");

initfuncname is now always "Init_%200s", but maybe not in the future. So
real_name could be to small for strcpy and strcat could cause overflow.
real_name should probably be char real_name[MAXPATHLEN] which is used for
initfuncname everywhere else.


	- Aleksi