Where do I say that reading the command from the user imply they can run any command??? This is not true.
In this case the user cannot run any command, it is a part of an ssh wrapper script and the variable to parse escape-free is $SSH_ORIGINAL_COMMAND