Piping email to a script - security concerns and advice

gingerman

Hello all and thankyou in advance,
I am using email piping to activate a script.
The script filters the (stdn) input from the email sent to it and extracts the subject, message, sender's email address and the JPG image saving the attachment to the server and the details into a MySQL database.
The script is not accessible to the public - e.g. it is below /public_html/

What security concerns should I be aware of?
(E.G. can virii be uploaded to my server or could malicious code be run?)

What techniques can I use to ensure the script is as secure as possible?
(Not things like disconnecting the server from the net 🙂 )
e.g. not using Globals is an obvious one.

gingerman