I would not consider this function itself as security risk. Gallery scripts and such needs this function enabled.
Gallery scripts need a lot of functions enabled that "sysadmins" want to tell you to disable.
Rather than disabling php functions, your best answer is to secure the server so that this stuff can't be abused, but you can use the functionality of php.
WHMCS Guru - WHMCS addons, management, support and more. WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
Linux Problems? WHMCS Issues? +1-866-546-8914 (linux-14) or @whmcsguru on twitter!