The article does not address another significant point: filenames should also be classified as untrusted input. Using -- to separate flags from arguments can help:
    /tmp$ mkdir x
    /tmp$ cd x
    /tmp/x$ echo hello > a
    /tmp/x$ grep hello *
    hello
    /tmp/x$ touch -- -q
    /tmp/x$ grep hello *
    /tmp/x$ grep hello -- *
    a:hello
    /tmp/x$
It's rare to see protection against this problem either when shelling out or in native shell scripts.
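The session above as a re-runnable script, added here as an example and not part of the original comment: it compares the unguarded glob with two guards, `--` and a `./` prefix. The function names and the temporary directory are constructed for illustration, and the unguarded result assumes a grep that accepts options after operands, as in the session above.

```shell
#!/bin/sh
# Added example. All files are constructed in a throwaway temp directory.

# Create a directory holding one normal file and one file named "-q".
make_fixture() {
    dir=$(mktemp -d) || return 1
    printf 'hello\n' > "$dir/a"
    : > "$dir/-q"              # empty file whose name looks like a grep flag
    printf '%s\n' "$dir"
}

# Unguarded: the glob expands to "-q a", so grep parses -q as "quiet"
# and prints nothing even though the pattern matches.
grep_unguarded() (
    cd "$1" || exit 2
    grep hello *
)

# Guard 1: "--" ends option parsing, so every glob result is an operand.
grep_with_dashdash() (
    cd "$1" || exit 2
    grep hello -- *
)

# Guard 2: with a "./" prefix no operand can begin with "-".
# This also works for commands that do not honour "--".
grep_with_prefix() (
    cd "$1" || exit 2
    grep hello ./*
)

# Print the three results side by side, then clean up.
demo() {
    d=$(make_fixture) || return 1
    printf 'unguarded: [%s]\n' "$(grep_unguarded "$d")"
    printf 'dashdash:  [%s]\n' "$(grep_with_dashdash "$d")"
    printf 'prefix:    [%s]\n' "$(grep_with_prefix "$d")"
    rm -rf -- "$d"
}
demo
```

The same two guards apply when another program shells out: pass `--` before any filename operands, or make the paths explicit with `./`.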