It's surprising how resilient the /tmp/foo.$$ idiom is, given the known symlink attacks. In their defence, most likely the developers felt that in a mere configure script it didn't matter - but I think we have to accept that it does matter, since drawing a line between code that matters and code that can be insecure would introduce more problems.
Is there a safe way to make temporary files from shell scripts?
Or, for that matter, can the kernel be patched to add a new permission bit for directories 'allow symlinks', it can be turned off for /tmp, and we're rid of this mess? (I guess hard links might still be a problem though)