Yes, perhaps we should stop using that.
Nevertheless, the problem I was trying to address is that
everyone is sharing /mail/tmp (see the scripts in /mail/lib,
although I'm sure you know them from memory :) ), and thus
if one has one problem, it can lock everyone else using /mail/tmp.

I'll take a look now to the countermeasures you suggest.
I think we are applying a few other measures, including
validatesender, but I'll take a look.