I usually use the '-t' option to test tarballs before extracting, usually to see if it has a top level directory or is more of a "tar bomb" i.e. no top level directory (meaning I have to change directories before extracting).
maybe a quicky utility could be writttten to use 'tar -t' to scan for files with ".." in the path, then flag it or something like a malware scanner would.