The vulnerability is only exploitable when fetching an FTP directory, recursively, from a malicious server.
Yeah, it's a hole, but it's not shellshock. Stop bitching around and just update your box.
A few months ago I had this project that consisted of nearly 200 controllers and 100-150 directives / modules (AngularJS)
Tell me how bad is it?
The asset pipeline compiled this to a single file in production, which was some 300K. I agree that this is a heavy load, but we're talking regular website, not a mobile one.
No you don't, they actually resolve the target links, at least for the common URL shortener services.
Well then, this gives one the opportunity to DDoS either URL shorteners or MSN servers. Imagine a 1,000,000+ shortened URLs within 5 minutes - make a HEAD request for each, now that's a flood!
The reason why worry kills more people than work is that more people worry than work.