[ehremo]

Actually I don't believe that would happen. I think the relative PYTHONPATH gets expanded at startup and becomes an absolute path. Subsequent changes to the working directory wouldn't affect it.

[pyre]

That seems correct:

  /tmp $ PYTHONPATH='./test' /usr/bin/python -c 'import sys; print sys.path[:3]'                                                                                                                               
  ['', '/private/tmp/test', '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python27.zip']

[JoshTriplett]

Good to know, thanks.

It's still odd for software to only work when launched from a specific directory, but not necessarily a critical security vulnerability then.