And then there's the problem of people calling it like this:

$ myscript.pl ' ; rm -rf ~'
[download]

Blindly passing unchecked user input to a command is a very bad idea unless you know that the code will only ever be called by trusted users. Even then, checking is generally good to guard against user error.

(Granted, in this simple case, the calling user can't convince it that easily to do anything that they couldn't do from the command line anyhow unless myscript.pl runs SUID or the like, but the principle remains.)