You still have to be careful though. CGI scripts were (are?) suseptible to the shellshock exploit [1] if they were written in shell (or used the C function `system()`). I had to work around that for a few of my scripts at the time.

[1] https://en.wikipedia.org/wiki/Shellshock_%28software_bug%29#...