Very interesting discussion.
Opc.three, you did bring up a few good points, but this isn't one of them.
opc.three (4/3/2013)I understand how xp_cmdshell works but if it's made available in my environment that won't necessarily stop a developer from abusing it in an application design capacity,
There definitely a danger of exposing this in applications, especially to developers, but the main point I was asking about was administrative issues. If someone already is a sysadmin, and potentially can run unsafe code in PoSh or some other scripting language, is xp_cmdshell worse? I'm not sure it is. There is a potential issue for injection attacks as TravisDBA pointed out, but I'm also not sure those attacks couldn't be sent through PoSh as well.