• Michael L John (3/26/2013)

    Specifically to xp_cmdshell, I say disable it. The analogy is that locking a door keeps honest people honest.

    The analogy is - you're locking the door and leaving the key in the door.

    It's right there - in the lock. Whoever could open the door can turn the key as well. Any time.

    It's even worse than leaving the door unlocked.

    Because you get honest people tempted.

    It's human nature - to test the boundaries. You add another boundary - and you draw people to push it, even those who would not think about it before.

    Logic is simple - if they start to lock the door there must be something valuable behind it.

    I better go check.

    And I'll put some effort into making sure you can never know about my "visit".

    Some could even consider doing some damage to the system just to show how stupid the attempt to lock the system this way is and prove the incompetence of the one who suggested it.

    I'd say even honest people could find this reason good enough to go where you do not want them (and they did not want themselves) to go.

    And for rogue employees - it's just a gold mine!

    Best part - they can lock the door after doing the deed - so you won't be looking there to find out what's happened.

    OK, enough about the negative outcomes.

    Can you point to a positive side of disabling xp_cmdshell?

    Code for TallyGenerator
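
An added example, not part of the thread or any poster's code: the enable, use, disable-again sequence described in the reply above is written to the SQL Server error log as "Configuration option ... changed" messages, so a defender can pair them into windows during which xp_cmdshell was on. The log lines are constructed, and the function name and the 15-minute threshold are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in SQL Server error log layout (not from the thread).
SAMPLE_LOG = """\
2013-03-26 09:58:11.40 spid51      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2013-03-26 09:58:11.52 spid51      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
2013-03-26 10:01:47.08 spid51      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2013-03-26 14:20:05.93 spid63      Configuration option 'max degree of parallelism' changed from 0 to 4. Run the RECONFIGURE statement to install.
2013-03-27 02:13:30.10 spid70      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{2})\s+(?P<spid>\S+)\s+"
    r"Configuration option 'xp_cmdshell' changed from (?P<old>\d) to (?P<new>\d)\."
)


def xp_cmdshell_windows(log_text, short=timedelta(minutes=15)):
    """Return one dict per period during which xp_cmdshell was enabled."""
    windows, opened = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # other options and unrelated log lines are ignored
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        if m["old"] == "0" and m["new"] == "1":
            opened = (ts, m["spid"])
        elif m["old"] == "1" and m["new"] == "0" and opened:
            start, spid = opened
            # A short enable/disable pair is the pattern worth a closer look.
            windows.append({"enabled": start, "disabled": ts, "spid": spid,
                            "short_lived": ts - start <= short})
            opened = None
    if opened:  # enabled and never switched back within this log
        windows.append({"enabled": opened[0], "disabled": None,
                        "spid": opened[1], "short_lived": False})
    return windows


if __name__ == "__main__":
    for w in xp_cmdshell_windows(SAMPLE_LOG):
        print(w)
```
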