This is a very nice example. However, you shouldn't have declared $cmd lexically--doing so means that your example isn't very dangerous at all. :)

Because that for loop overwrites $main::cmd... not the lexical $cmd that you've already defined. When you use $cmd w/o using a package qualifier, you're using the lexical $cmd, if one exists--and one does exist, in this case. So you're still just doing

    system "ls";
[download]

Make your $cmd a package global, and then it's dangerous again.

Of course, your point is made either way. :)