GetTempPath is insecure #6701

@luke-jr

A number of standards (C89, POSIX, etc.) had similar functions and people quickly learned it is not secure to generate temporary filenames until they are confirmed created (not merely opened). For example, an attacker may create symlinks in a race pointing to an arbitrary file the user owns that he wishes to corrupt. Boost may guarantee a unique filename, but there is a split-second before we open that file for an attacker to set up a link.

This was fixed by mkstemp which ensures the file is newly created securely. We should do something similar.
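The difference described in the issue above, as an added example in C (not code from the issue or from the project): inside a private `mkdtemp()` directory, a name that already exists as a symlink is opened with `O_CREAT | O_EXCL`, then with a plain non-exclusive `open()`, and finally a file is created with `mkstemp()`. The file names, `struct demo_result` and `run_demo()` are assumptions made for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct demo_result {
    long victim_after_excl;   /* victim size after the O_EXCL attempt */
    int  excl_errno;          /* errno from the O_EXCL attempt */
    long victim_after_plain;  /* victim size after the non-exclusive open */
    int  mkstemp_is_fresh;    /* 1 if mkstemp returned a new, empty regular file */
};
static long size_of(const char *p) {
    struct stat st;
    return stat(p, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario; everything happens in a private mkdtemp() directory. */
int run_demo(struct demo_result *r) {
    char dir[] = "/tmp/tmprace-XXXXXX", victim[64], name[64], tmpl[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(name, sizeof name, "%s/predictable.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/safe-XXXXXX", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "important", 9) != 9) return -1;
    close(fd);
    /* The generated name already exists as a symlink by the time we open it. */
    if (symlink(victim, name) != 0) return -1;
    /* Confirmed creation: O_EXCL rejects any existing entry, symlinks included. */
    fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);
    r->excl_errno = (fd < 0) ? errno : 0;
    if (fd >= 0) close(fd);
    r->victim_after_excl = size_of(victim);
    /* Merely opened: the link is followed and the victim file is truncated. */
    fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd >= 0) close(fd);
    r->victim_after_plain = size_of(victim);
    /* mkstemp: the name is chosen and exclusively created in one step. */
    fd = mkstemp(tmpl);
    r->mkstemp_is_fresh = fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_size == 0;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(name); unlink(victim); rmdir(dir);
    return 0;
}
```

The descriptor returned by `mkstemp()` is the thing to keep using; reopening the file by name later reintroduces the same window.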
