Scary Code Department

What could possibly go wrong with this snippet of PHP code from a
web-based CMS? Ignore the lack of error checking...

function publish_page($ID) {
        $page = $this->render($ID);
        $path = $this->div_path($page[1]);
        $file = $path.$page[2];
        # Write file
        $handle = fopen($file, "w");
        fwrite($handle, $page[0]);
        fclose($handle);
        chmod($file, 0666);
        $user = $this->auth->user;
        $this->db->q("update pages set published=now(), user='$user' where id='$ID'");
        return "$page[3] published...<br>";
}

Yup, it's a well-behaved CMS that publishes your files and makes
them world-writable.