Does enabling shell_exec in php.ini always pose a security risk? Or can it be done safely?
I'd argue it is always a risk -- the damage an attacker can do with the ability to execute arbitrary shell commands is immense. This risk can be abated by being religious about input sanitization and making sure that PHP runs in a restricted context. But I would not open the door if I had other options.
Yip I disable that when setting up a new server. Anything that can execute shell scripts is a major risk