The tools is unmaintained and has security bugs. Thanks
https://sourceforge.net/projects/mp3gain/files/mp3gain/1.6.1/ Latest version of mp3gain was released in January this year, so I don't understand why you stated it is 'unmaintained'.
Even if it has security issues, the mp3 files are created by a trusted program, thus an exploit is very unlikely. Also, mp3gain is very important for this kind of application and if there isn't a suitable replacement, a workaround should be to make mp3gain private to abcde (not in the path to be executed by a user, but exclusively by abcde after a known safe mp3 transcoding). On the other hand, as pointed out already, mp3gain seems to be actively developed and version 1.6.2 is from 30th May 2018. What ever the Gentoo distribution maintainers come up with in the future, PLEASE don't ever remove the mp3 gain functionality. PLEASE DON'T! EVER! Leave it to the users to decide. (Make an "unsafe_mp3gain" useflag if necessary...)
there's already a good alternative to "mp3gain" called "loudness-scanner", with implements ReplayGain 2.0 (based on EBU R128). Works with FLAC, OGG, AAC, MP3, MPC and others. We just need a maintainer: https://bugs.gentoo.org/550342
