By default "completion" module does unsetopt CASE_GLOB. This completely breaks performance, see my comment on this issue: nix-community/home-manager#2255 (comment).

This option is also harmful and could result in privilege escalation.
Assume I add path /a/b to fpath and some module/script sources scripts from this fpath. If unprivileged user has write access to /a, but not to /a/b, and a sticky bit is set on directory /a, then it could create directory /a/B, and any glob that uses fpath, would also match paths in attacker-controlled directory /a/B. Though this scenario is a bit theoretical as such setup of privileges seems unlikely on any real system.