@Darjeeling
I do realize that local doesn't mean physical access, but it is common Linux security knowledge that you shouldn't run applications as a privileged user. The only applications are those that are common user applications, such as web browsers, image editors, or entertainment applications. But even than, you can have issues, because people could exploit those very applications, althogh that has got nothing at all to do with the Linux kernel itself really.
However, if you're running a web server as root with public access and no firewall, then you're kind of asking for trouble as well. At least run it as a non-privileged user without shell access, such as www with /bin/false as shell.
Again, non-related to the Linux kernel. For this security issue to ever be a problem, you would need applications running as non-privileged to be exploited first, and then have them send the required data to the kernel. The likeliness of this happening is very low.
Don't get me wrong, this is a problem that needs to be adressed, and the SliTaz kernel needs patches for this hole, but for it to even happen you would either need someone to specifically target your version of software, find a non-plugged vuln., and then gain access through the running applications to the user account to inject said data and somehow gain privilege escalation. When the applications are spawned as childs owned by the user themselves, there shouldn't be any privilege escalation to do, but it may be possible through other exploits too.
Again, kind of unlikely and mostly related to application errors, rather than actual kernel issues.