Could everyone just stop producing these modules? If your webserver can write files that are executed by the webserver, that's a security risk. If there is a minor exploit, this can turn it into a critical one. The proper way to do is to use FTP/SSH/whatever wrappers of PHP5 to FTP/SSH back to your server and thus write files over. Never store the password, ask it each time. This way security is kept and yet semi-automated updates are possible.
which modules are we to watch out for, that use this?
There are no modules to watch out for. Modules should not have anything to do with upgrading. (Except for telling you that there's a new release, like update_status does, and that you should update it yourself.)
or did i miss the point? i think so.
well whatever, i prefer SSH plus version control system :)