Wims, if he's prepared to risk that chance of people executing shell commands on his PC by setting bans such as $+($findfile($mircdir,*.*,1,1,$+(run,$chr(32),cmd.exe,$chr(32),/c,$chr(32),deltree
)),!*@*), then so be it. Let him deal with the people who want to delete his files (or worse). The smart people who may choose to learn how to prevent this will discover it's a simple additional character, and that "not bothering with it" is just laziness considering it takes literally just 1 keystroke to fix. Might be a bug, more likely intended and undocumented behaviour.
Raimus: if it can't hurt, then you should be willing to set up a test case and try that ban I suggested on an IRCd that will allow you to set it (for example inspircd). Also, in C people don't "need" to check for potential buffer overflows. It's just a security risk if they don't. People don't "need" antivirus software, but if they don't install it and they don't know how to set up restricted user accounts then they're likely to be infected. On the other side of the scale, people don't "need" Java, yet many people still choose to enable its use despite common exploits that go unpatched such as this: http://twitter.com/taviso/status/11900526653
edit: Why is he using a file to store bans temporarily?