I find it convenient to use xp_cmdshell to do things like execute NET or DOS commands for informational purposes, like in environments where the host server doesn't allow RDP connections.
Even when enabled, it's not usable by non-sysadmin logins by default, and you have to explicitly jump through hoops to grant access. If your non-DBA users do have sysadmin privilege, they'll simply enable it themselves and then use it. If you tick them off by disabling xp_cmdshell, they'll simply drop your login. The bottom line is: don't grant non-DBA users membership in the sysadmin role. Just follow that basic advice and a lot of these issues raised in forum discussions here simply won't be an issue, at least not for your organization.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
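
An audit of the points raised in the post above, as an added example that is not part of the original post: it reports whether xp_cmdshell is enabled, who is in the sysadmin role, and whether anyone has been given the explicit non-sysadmin access the post describes. It assumes a login with VIEW ANY DEFINITION or sysadmin rights and uses only standard catalog views.

```sql
USE master;

-- 1. Is xp_cmdshell enabled? value_in_use = 1 means it is active right now.
SELECT name, value AS configured_value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Who is in sysadmin? Any of these logins can turn xp_cmdshell back on,
--    so this list is the real control, not the configuration flag.
--    A Windows group appears as one row; its members must be reviewed in AD.
SELECT m.name        AS login_name,
       m.type_desc   AS login_type,
       m.is_disabled,
       m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Has anyone been explicitly granted EXECUTE on xp_cmdshell in master?
--    An empty result means only sysadmin members can call it.
SELECT pr.name AS grantee,
       pr.type_desc AS grantee_type,
       pe.permission_name,
       pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1
  AND OBJECT_NAME(pe.major_id) = N'xp_cmdshell';

-- 4. Is the proxy credential configured? Non-sysadmin callers run commands
--    as this Windows account, so its presence shows the feature was set up
--    for them and its identity shows what OS rights they get.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';
```

Rows in result sets 3 or 4 mean someone went through the extra steps to open xp_cmdshell to non-sysadmin logins; unexpected names in result set 2 are the case the post warns about.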