Without this, the `logical_path` only grabbed up up until the first period encountered. So if you happened to have a file like `jquery.mobile-1.0.1/jquery.mobile-1.0.1.js` it's logical path was being interpreted as just `jquery` instead of `jquery.mobile-1.0.1/jquery.mobile-1.0.1`.
respond_to?. This only impacts trunk ruby, but will be included in Ruby 2.0. https://bugs.ruby-lang.org/projects/ruby-trunk/repository/revisions/34580
The `forbidden_request?` check could be trivially bypassed by percent encoding .. as %2e%2e. After auditing Sprockets and Hike and fuzzing a simple server, I don't believe this is exploitable. However, better safe than sorry/defense in depth/etc.