For example, you work with Squid. If someone wrote a log parser that called some bash script with the content of the URL as an env var, you�d potentially have problems.

Same if someone wrote an auth handler that set the username in an env var and then called a bash script. This is perhaps unusual, but is reasonable - perhaps some 3rd party auth database provides scripts that can be used to authenticate users.

Alternatively, you work with qmail, and one of your users has a .qmail file to handle mail delivery which calls any of the normal mail delivery tools, such as procmail.  I send an email to this user with the MAIL FROM set to a bash function definition.  qmail passes the �MAIL FROM� address into this as an environment variable called SENDER.  And we�re done.