[gopher] Security issues in Gopher?

[Robert Hahn <rhahn@xxxxxxxxxx>]

While poking about on the web trying to determine whether anyone else 
has compiled Gopher on Mac OS X, I came across some references to 
security alerts regarding Gopher.  They all seem to talk about buffer 
overflow exploits.   Seeing that they're all attributed to 2.x versions 
of Gopher, I'm wondering:  with the recent work that has gone into it, 
have the programmers for the project made an effort to tackle security 
on a proactive basis instead of a reactive one?  I would hardly be 
unique by saying I don't want my system hacked. :)

A related question:  I've noticed that one way (and the existing 
documentation seems to imply that it's the preferred way) to run gopherd 
is as root.  I've been a web developer for many years, and I remember 
the days when the developers at Apache campaigned to get administrators 
to run their server as user nobody or www.  The reaoning behind it seems 
pretty sound to me (ie: user 'nobody' can't really do a whole lot of 
damage) so I'm wondering what it would take for me to run gopherd as 
nobody - and better still, why people are running it as root.

thanks, all!
-rh