but isn't passing a user-given string to open an invite for the user to do unexpected things to your files?

Uhm, no. The user might clobber a file he already has write access to (probably his own), but that's it; there's no increased risk, his shell allows him to mess up his files already. Unless you run that program suid, but there's no need for that.

Abigail