in reply to Re^2: Safely passing CGI form data to a shell command
in thread Safely passing CGI form data to a shell command

Be careful also with '-' and '+' chars. If you allow them, a user could turn arguments into command options, i.e. '-foo'.

Most Unix programs allow the double dash ('--') to be used to stop option parsing, so instead of ...

    system 'foo', $arg;

... it's better to use ...

    system 'foo', '--', $arg;
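The effect described in the post above, as an added example that is not part of the original post: the same value is passed to `ls` in list form with and without `--`. It assumes a Unix-like system with `ls` on the PATH; the scratch directory, the file name `-l`, and the helpers `run_capture` and `starts_like_option` are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);

# Constructed sample: a scratch directory holding one file whose name
# starts with a dash, standing in for a value taken from a CGI form.
my $dir = tempdir(CLEANUP => 1);
chdir $dir or die "chdir: $!";
my $arg = '-l';
open my $fh, '>', $arg or die "open: $!";
print {$fh} "one\ntwo\n";
close $fh;

# Run a command in list form (no shell is involved) and return its stdout.
sub run_capture {
    my @cmd = @_;
    open my $out, '-|', @cmd or die "cannot run $cmd[0]: $!";
    local $/;                       # slurp the whole output at once
    my $text = <$out>;
    close $out;
    return defined $text ? $text : '';
}

# Pre-check for the characters the post warns about: a leading '-' or '+'
# is what lets a value be read as an option by the called program.
sub starts_like_option {
    my ($value) = @_;
    return $value =~ /\A[-+]/ ? 1 : 0;
}

# List-form system/open avoids shell metacharacter problems, but the called
# program still parses its own argv: here ls sees an option, not a file.
my $without = run_capture('ls', $arg);

# After '--' ls stops option parsing and treats '-l' as a file name.
my $with = run_capture('ls', '--', $arg);

print "value starts like an option: ", starts_like_option($arg), "\n";
print "ls $arg (parsed as an option, long listing of the directory):\n$without\n";
print "ls -- $arg (parsed as a file name):\n$with\n";
```

The post says most Unix programs honour `--`, not all, so a check like `starts_like_option` is still worth running before the value reaches a program whose option parsing you have not verified.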