What is the .sql file doing? Why are you wanting to execute SQL from a file in a (shared) file path? Is it so that it can be dynamic? Is it procedurally generated perhaps? There are far safer ways than just executing a .sql file. Like John said, if anyone has access to modify it, they could easily do a huge amount of damage.
+ 1,000,000 to that!