I have this nervous habit that every time I open a terminal or change directories, I type ls. Besides an overly large bash/zsh history file, this actually led me to stumble up on a number of temporarily files, directories and other things that an application may litter in a directory as part of its normal operations. Right now, list the contents of /tmp. Aside from random files you stashed there for lack of space elsewhere, you'll almost certainly see files that were dropped there by applications that have run recently on your system.
If you have any sort of security background, you can see where this is going. The problem is that these applications don't always handle all situations carefully when it comes to temporary files. What if the file already exists? Symlinks? What if the directory is owned by another user, but is world writable? What if the filename is predictable? These are the breeding grounds for race conditions, symlink attacks and other related security vulnerabilities.
The result is tmpsnarl, a quick little script designed to look for and capture temporary files, directories, sockets, symlinks and the like in the hopes of being able to exploit the above mentioned vulnerabilities. I've used this tool to re-discover some of my past vulnerabilities, as well as find a few 0day race conditions that I was unaware of. I now instinctively run tmpsnarl on all systems I have shells on and the results are amusing. Give it a spin, and shoot any feedback or discovered vulnerabilities back my way.
Temporary files -- yer doin it wrong.