Well, You are probably right, but this is exploitable on several applications aswell. There is a bit more here http://seclists.org/oss-sec/2014/q3/650.

So, applications that expose some of the functionality that is vulnerable (abitrary environment variables) could be used to get at least shell code execution as current user.

But, that being said, I agree, I dont consider this a huge threat to Jolla/SailfishOS