Good explanation of the bug, but sadly no details on how they tracked it down.

argv getting GC'd is surprising, isn't it implicitly part of the environment?

The script isn't execve'd, but read by ruby, and the shebang parsed to get the parameters. So it's not actually ruby's argv, but just the argv from the parsed shebang.

Hmm, is that because ruby is able to analyze the program statically and determine that the variable isn't referenced?

It'd surprise me!