An issue with SheBang (#!) directed interpreted scripts is that it is possible to overload the server and convince the interpreter to execute a different (hostile) file. If the script has the uid set to a user, or worse to root, considerable damage is possible. For this reason, interpreted languages are sometimes prevented from setuid() and assigned the permissions of 'nobody'. It is possible however to write a short compiled program that sets or acquires a uid and then calls the interpreted script, thereby giving the interpreted script the permissions of the compiled program.
Q: Is this workaround actually any more secure than allowing the scripted language to setuid itself?
A: Yes, it is more secure. The wrapper program typically has hard-coded path names that point to a directory only writeable by root. Set-uid shell scripts are fundamentally insecure. If you ever find a single one on a system, follow these simple steps to get root access: