Sounds like you're putting this in a timer. This exploit can be used to run arbitrary code on your computer. You should wrap all user input in $unsafe().