The restrictions on soft and hard links are long overdue. This will eliminate hordes of vulnerabilities - perhaps 20%. Unfortunately a denial-of-service attack is still possible against software which uses predictable filenames in /tmp.
Clashes of filenames are the primary reason why directories exist; each user or each program doesn't have to worry about picking a globally unique filename because it can have its own directory isolated from the others. It's a pity this lesson, otherwise widely followed in the Unix design, was ignored when it came to picking a place for temporary files. Per-user temp directories would go further still to fixing these bugs. Yes, every single program can jump through hoops to pick a unique filename and retry if necessary; but why should it have to, when directories have already been invented?
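An added example, not part of the original comment: a C sketch of the per-user directory idea, where a program opens its own private directory and can then use a fixed filename inside it. The function names and the `user-<uid>` layout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open, creating if needed, "<base>/user-<uid>" (hypothetical naming scheme).
 * Returns a directory fd, or -1 if the name is a symlink, is not owned by
 * us, or grants any group/other access (someone else got there first). */
int open_private_tmpdir(const char *base)
{
    char path[4096];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/user-%lu", base,
                     (unsigned long)geteuid());
    if (n < 0 || (size_t)n >= sizeof path) { errno = ENAMETOOLONG; return -1; }
    if (mkdir(path, 0700) != 0 && errno != EEXIST)
        return -1;
    /* O_NOFOLLOW refuses a symlink planted at this name. */
    int dfd = open(path, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    /* Check the opened object, not the path, so the check cannot be raced. */
    if (fstat(dfd, &st) != 0 || st.st_uid != geteuid() || (st.st_mode & 077)) {
        close(dfd);
        errno = EACCES;
        return -1;
    }
    return dfd;
}

/* Inside the private directory a fixed name is safe: no other unprivileged
 * user can create entries there. O_EXCL now only detects our own leftover. */
int create_in_private_dir(int dfd, const char *name)
{
    return openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

int main(void)
{
    char base[] = "/tmp/demo-XXXXXX"; /* constructed stand-in for the shared root */
    if (!mkdtemp(base)) return 1;
    int dfd = open_private_tmpdir(base);
    int fd = dfd < 0 ? -1 : create_in_private_dir(dfd, "app.lock");
    printf("private dir fd=%d, file fd=%d\n", dfd, fd);
    return fd < 0;
}
```

If `base` is itself world-writable, another user can pre-create the `user-<uid>` name and the function will refuse it, which is the denial of service the comment mentions; the scheme only removes that when the per-user directory is set up somewhere other users cannot write.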