The fact that every ghc-compiled program accepts +RTS options could be a security problem in several contexts. For example, if you compile a “Hello, world!” program and make it setuid root, any user can now overwrite any file on the system using root privileges: hello +RTS -t/etc/passwd .

The GHCRTS environment variable has the same problem.

One should not need to have to know about these obscure features to write a secure program that accepts untrusted arguments.