I think $IN->param('Category') can be removed. I just looked further up the thread at the tag structure (which I hadn't seen before) and he is wrapping the global with:
<%if Category%>
...and then if that returns true then he's passing the category into the global. As $Category is the same as $IN->param('Category') then it becomes redundant.
Quote:
Since $select is what you are shifting off the stack (what was passed in) and if nothing was passed in, default to the <yecch> $IN hash for some potentially corrupted or weird value.
$select contains the same value as $IN->param('Category') - $select is just as insecure :)