This is slightly off topic but...

Could someone explain to me the need for the IFS line?  I read the
link to the Secure UNIX Programming FAQ, and am still puzzled.
In particular if an attacker has set IFS to "=" doesn't it mean
that the line

    IFS=" "

in the script will be interpreted as

    IFS " "

which doesn't solve the security hole.  So why bother?

Marc