Basically, it's a single account. If any user has privileges to execute xp_cmdshell and that user is not a member of the sysadmin fixed server role, then the action will be executed as the proxy account. This can cause a problem if the proxy account has more rights than the user executing xp_cmdshell normally has.
Also, xp_cmdshell can be used for reconnaissance should the SQL Server be compromised. In order to see/start the job, the web user must own the job or be a member of the TargetServersRole (this role is undocumented and unsupported). That means the web user can modify the job. If so, the web user could potentially add a step that did something like:
net group "Domain Admins" /domain
And if the proxy account is a domain account, the attacker now knows what user accounts are in the domain admins group.
Would it be better to set up a polling job? Here's how that would work. There's a status table that gets checked by the polling job. When the web user requests the import, an entry gets inserted into the status table. The polling job would see that entry, erase it, and then kick off the DTS package. There would be no tie from the web user to xp_cmdshell, no reason for the proxy account, and no job ownership by the web user. This, of course, depends on how frequently such an import can be requested.
K. Brian Kelley
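
The polling design described in the post above, sketched in T-SQL as an added example that is not part of the original post. Every object, job and user name here (ImportRequest, RequestImport, ProcessImportRequests, WebUser, 'Run DTS Import') is hypothetical, and it assumes a separate sysadmin-owned Agent job that runs the DTS package.

```sql
-- Added example; all object, job and user names are hypothetical.
-- Status table: the only state the web request ever produces.
CREATE TABLE dbo.ImportRequest (
    RequestID   int IDENTITY(1,1) PRIMARY KEY,
    RequestedAt datetime NOT NULL DEFAULT (GETDATE())
)
GO

-- Called by the web application to ask for an import.
CREATE PROCEDURE dbo.RequestImport
AS
    SET NOCOUNT ON
    -- Collapse repeated requests into a single pending entry.
    IF NOT EXISTS (SELECT * FROM dbo.ImportRequest)
        INSERT INTO dbo.ImportRequest DEFAULT VALUES
GO

-- The web user gets EXECUTE on this one procedure and nothing else:
-- no xp_cmdshell, no proxy account, no job ownership, no table rights.
GRANT EXECUTE ON dbo.RequestImport TO WebUser
GO

-- Run on a schedule by a polling job owned by a sysadmin login
-- (job step: EXEC dbo.ProcessImportRequests).
CREATE PROCEDURE dbo.ProcessImportRequests
AS
    SET NOCOUNT ON
    DECLARE @MaxID int, @rc int

    SELECT @MaxID = MAX(RequestID) FROM dbo.ImportRequest
    IF @MaxID IS NULL
        RETURN  -- nothing requested since the last poll

    -- Assumed: 'Run DTS Import' is a sysadmin-owned job whose step
    -- executes the DTS package. The web user has no rights on it.
    EXEC @rc = msdb.dbo.sp_start_job @job_name = N'Run DTS Import'

    -- Erase only the entries seen above, and only if the job started.
    -- If the import is already running, sp_start_job returns 1 and the
    -- entry is left in place for the next poll.
    IF @rc = 0
        DELETE FROM dbo.ImportRequest WHERE RequestID <= @MaxID
GO
```

The polling interval of the Agent job sets the worst-case delay between a request and the import, which is the trade-off the post points out.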