Ambiguity seems, to me, to conflict with the desire for clarity and reliability. Any language which allows a typo in an assignment statement to create a new variable name binding silently is insufficiently safe for my purposes.
I don't claim that Ruby and Python have security holes form this behavior, but people rightly criticize PHP's register_globals for similar reasons.
"Any language which allows a typo in an assignment statement to create a new variable name binding silently is insufficiently safe for my purposes."
Um...Perl has exactly this problem. The only difference is that it's worse because the variable in question gets created as a global variable of the local package - which is naturally visible to anything else that wants to see it, btw.
This is exactly why they created "use strict", and underscores the "Perl philosophy" in an elegant nutshell - instead of fixing the underlying problem, just create a hack around it and expect everyone to "know" that they should use it as a best practice.
We fixed it in Perl 6, and I created a patch for Perl 5 to make strict default. I wish it had been the default behavior, but at least strict is available (and has long been a recommendation in every credible tutorial and online forum).
Note also that ECMAScript has recently introduced a similar strict mode.
I don't claim that Ruby and Python have security holes form this behavior, but people rightly criticize PHP's register_globals for similar reasons.