When one does not want to admit of being wrong he's resotring to personal attacks.
I can clearly see the point. And I spent most of my working time in environments with badly managed security restrictions.
And I used this back door not once.
I just do not see how having xp_cmdshell will stop me from doing exactly what you are trying to prevent - reading from folders which I cannot read and SQL Server can.
The only thing I need to do to overcome your "barrier". or "layer" is to run sp_configure command+reconfigure.
As Jeff pointed it will take less than 3 ms to complete.
If you wish, I could disable it back, to prevent raising an alarm by somebody who's checking the system settings.
So, what do you achive with disabling xp_cmdshell?
Except, of course, false sense of security.
_____________
Code for TallyGenerator