Wonderful how #Exim team fully recognizes that the use_shell option is a massive security footgun. So they warn users. In a separate document, not linked from the optionās documentation. Never mind not explaining which characters are ok, so users are bound to get it wrong.
Protip: if you need more than a paragraph of text to describe how a feature is used securely, then maybe you shouldnāt have that feature in the first place. If you need more than a sentence, there should probably be a huge āDo not use unless you know what you are doing!ā warning.