https://issues.dlang.org/show_bug.cgi?id=15584 --- Comment #4 from ag0aep6g at gmail.com --- Ok, I think I get it now. The point is that it's relatively easy for an attacker to slip a symlink through, compared to a shell command or a compiler argument. --