It has the distinct advantage of at least being documented ;-). xp_cmdshell is apparently acceptable in some organizations, especially if a proxy is used. My personal preference would be to use .NET routines (either completely outside the database, or using the hosted CLR). I do try to avoid file manipulation from SQL Server (it's a database!)