Depends on how paranoid you are, and what kind of things you're exec'ing. For example, if you're doing something like:
<?php
// user-supplied value taken straight from the query string, unvalidated
$username = $_GET['username'];
// interpolated directly into a shell command line
system("echo \"Hello\" > $username ");
?>
Pretty basic, and innocent. Now, if you don't clean up the inputted data, you could get something like this:
Imagine I put in:
www.wherever.com/myscript.php?username=whatever;rm%20-rf%20/path/to/my/wwwroot
Your system call is now interrupted, because that ';' tells your shell to finish up the first command, then execute the second command, which is rm -rf your whole site.
That's just the way I feel about it, at any rate... avoid them at all costs, if you can. Sometimes you can't get around it, for sure, but you have to weigh the risks.
My 2 cents.
MM
[edit]
You could look at configuring php.ini some more with: safe_mode_exec_dir [ca3.php.net], and placing all the binaries you want to run in that directory... Maybe...
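As an added example (not code from the original post), here is the quoted script next to two hardened versions, built so it can be run from the command line without actually executing anything: the vulnerable and quoted variants only return the command string they would pass to system(). The $username name and the "Hello" echo follow the post; the allow-list pattern and the /tmp/greetings target directory are assumptions.

```php
<?php
// Added example, not part of the original post.
// Shows why unquoted interpolation is dangerous and two ways to close the hole.

// 1. The original, vulnerable shape: $username is spliced straight into the
//    command line, so ';', '|', '&&' and backticks are all honoured by the shell.
//    Returned, not executed, so the demo is safe to run.
function greet_vulnerable(string $username): string {
    return "echo \"Hello\" > $username ";
}

// 2. escapeshellarg() wraps the value in single quotes (escaping any embedded
//    quote), so the whole thing is one argument and metacharacters lose meaning.
function greet_quoted(string $username): string {
    return 'echo "Hello" > ' . escapeshellarg($username);
}

// 3. Better: do not spawn a shell at all. Validate against an allow-list
//    (assumed pattern) and write the file directly inside one directory
//    (assumed: /tmp/greetings), so neither the shell nor path traversal applies.
function greet_no_shell(string $username, string $dir = '/tmp/greetings'): bool {
    if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $username)) {
        return false; // anything that is not a plain token is rejected
    }
    if (!is_dir($dir) && !mkdir($dir, 0700, true)) {
        return false;
    }
    $path = $dir . DIRECTORY_SEPARATOR . $username;
    return file_put_contents($path, "Hello\n") !== false;
}

// Constructed input with the same shape as the payload in the post.
$evil = 'whatever;rm -rf /path/to/my/wwwroot';

echo "vulnerable command: ", greet_vulnerable($evil), PHP_EOL; // two commands
echo "quoted command:     ", greet_quoted($evil), PHP_EOL;     // one argument
var_dump(greet_no_shell($evil));    // rejected by the allow-list
var_dump(greet_no_shell('alice'));  // plain token, file written
```

The third form is the one to prefer: if the task is "write a file", there is no reason for a shell to be involved, and confining the name to an allow-list plus a fixed directory removes both the injection and the traversal case in one step. When a shell really is unavoidable, escapeshellarg() on every user-controlled argument (and escapeshellcmd() only if you must pass a whole command) is the minimum, used together with the safe_mode_exec_dir idea above.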