When one does not want to admit of being wrong he's resotring to personal attacks.

I can clearly see the point. And I spent most of my working time in environments with badly managed security restrictions.

And I used this back door not once.

I just do not see how having xp_cmdshell will stop me from doing exactly what you are trying to prevent - reading from folders which I cannot read and SQL Server can.

The only thing I need to do to overcome your "barrier". or "layer" is to run sp_configure command+reconfigure.

As Jeff pointed it will take less than 3 ms to complete.

If you wish, I could disable it back, to prevent raising an alarm by somebody who's checking the system settings.

So, what do you achive with disabling xp_cmdshell?

Except, of course, false sense of security.