scp:// and sftp:// URI handlers allow to transmit unsafe paramters via command line.
vulners.com/securityvulns/securityvulns:doc:13097