As far as I can see there is no problem with allow_url_fopen. We should be pretty draconian about what arguments we pass to fopen() anyway, nothing should end up in there unless the filtering logic allows it. So opening URLs shouldn't be a security risk.
Edit: Petr, I think we were typing this at the same time
General developer forum
Slasharguments test in Health center
This discussion has been locked so you can no longer reply to it.