We use glob() to detect plugins. The alternative is not something I want to maintain. (opendir(), etc.)
safe_mode is something that breaks a lot of software, unfortunately. It isn't very subtle or delicate in terms of the way it secures PHP--disable everything potentially dangerous.
As for coding around it, I removed the compatibility version (Because we stopped supporting PHP3).
That is not to say that it couldn't be added back--it's just something we hadn't considered.
Of course, I could just use
http://us3.php.net/manual/en/function.glob.php#71083 for it.
Just file a bug so I don't forget.