At the start of Section 5, there appears to be some missing
bibliographic citations -- just "( - )" is written.
Other security considerations that should be mentioned:
Some characters have special or privileged meanings on some
systems (i.e., ` on Unix). Applications should be careful to
escape those locally if necessary. By the same token, they
are legal, and should not be disallowed locally for such reasons
if a remote site chooses to use them.
The presence of local checking does not excuse any lack of
checking remotely. Note that this can apply to a single
machine; in particular, a local MTA should not assume that
a local MUA has properly escaped locally-significant special
characters.
--Steve Bellovin, http://www.research.att.com/~smb