These privileges would give you control over every SQL Server instance, and if XP_CmdShell was enabled, then you could control the machine.
I disagree not about controlling the whole machine but with the suggestion that having XP_CmShell turned on causes any sort of a problem. Specifically, you're talking about someone breaking in with an "sa" prived account. Whether or not XP_CmdShell is enabled or not, you've just let someone in with "sa" privs and they can turn XP_CmdShell on just like any other "sa" prived person can. In fact, any hacker hell bent on gaining such access will be expecting XP_CmdShell to be turned off and will turn it on without missing a step.
XP_CmdShell is not the problem here. Poor security is the only problem here.
--Jeff Moden
Change is inevitable... Change for the better is not.