The short answer is yes, xp_cmdshell is a dangerous object to enable. There are several ways around using xp_cmdshell, and it would be worth your while to research your alternatives.
Karl Lambert
SQL Server Database Administration
Business Intelligence Development