Someone correct me if I'm mistaken, but doesn't this exploit depend on programs not validating input?
Yes, but the program failing to validate the input is bash itself. Not your code.
As soons as you get to #!/bin/bash you're exploited. Doesn't matter how careful your script code is.
This is really, really bad. Does your home router have any cgi scripts that use bash? This remote exploit can be triggered with a query parameter.
I don't want to be young again, I just don't want to get any older.