This tool will write into ../ when the server gives an URL with /../ in it. This is a security flaw.

On the other hand, if ../whatever/ doesn't exist, it crashes the application with IOError: [Errno 2] No such file or directory:. It doesn't create missing directories as needed. This is a separate bug, filed as #8.