by terminus 4175 days ago
Speaking from imperfect knowledge, I'd guess: case insensitivity implies allowing for aliasing (case aliasing for case insensitive and god-knows-what for Unicode insensitivity.)

Which means that anywhere you handle names, you explicitly handle these aliases. Miss a spot (or an alias), and you have a security bug.

1 comments

In this case, the specific exploit Linus is referring to works by committing a malicious .git file as .Git to your repo. Then somebody else on OSX clones your branch, and the bad .Git file will overwrite your .git file, causing a security breach.
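
A defensive check for the aliasing discussed in this thread, as an added example that is not part of either comment and is not Git's own code: it scans a list of repository paths for components that alias `.git` and for paths that collide on a case-insensitive filesystem. The function names, the sample tree, and the use of NFC plus `casefold()` as the comparison key are assumptions; real filesystems apply their own folding rules.

```python
import unicodedata
from collections import defaultdict


def fold(component: str) -> str:
    """Approximate the key a case-insensitive filesystem compares names on.

    Assumption: NFC normalization followed by Unicode case folding.
    """
    return unicodedata.normalize("NFC", component).casefold()


def git_aliases(paths):
    """Return paths with a component that is not literally '.git' but folds to it."""
    hits = []
    for path in paths:
        for part in path.split("/"):
            if part != ".git" and fold(part) == ".git":
                hits.append(path)
                break
    return hits


def case_collisions(paths):
    """Group distinct paths that would land on the same name once folded."""
    groups = defaultdict(list)
    for path in paths:
        key = "/".join(fold(part) for part in path.split("/"))
        groups[key].append(path)
    return sorted(sorted(group) for group in groups.values() if len(group) > 1)


# Constructed sample: paths as they might appear in a commit's tree.
SAMPLE_TREE = [
    "README.md",
    "src/main.c",
    ".Git/config",      # aliases .git at the repository root
    "docs/.GIT/HEAD",   # aliases .git in a subdirectory
    "Makefile",
    "makefile",         # collides with Makefile when case is ignored
    ".gitignore",       # not an alias: folds to '.gitignore', not '.git'
]

if __name__ == "__main__":
    print("aliases of .git:", git_aliases(SAMPLE_TREE))
    print("case collisions:", case_collisions(SAMPLE_TREE))
```

A check like this belongs wherever untrusted trees are accepted (for example a server-side receive hook or a CI gate), so that rejection does not depend on the filesystem of whoever checks the tree out.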