CVE-2016-10151: Use secure_getenv() when it's available. Factor out logic that attempts to only consult the environment when it's safe to do so into its own function, and use secure_getenv() instead of getenv() if it's available.
CVE-2016-10152: Remove hard-coded defaults for LHS and RHS. Don't fall back to using a default LHS or RHS when the configuration file can't be read. Instead, return an error.
