pkg_postinst() uses /tmp insecurely. Please perform the modification in src_unpack(), and use ${T} if necessary. using /tmp can be very dangerous if done incorrectly so should be avoided :)
yuck. fixed.
in general please don't close security bugs since, at least, we have to decide whether we issue a GLSA or not, whereas in that case i would vote "No".
also voting no here and closing