Though, yeah shelling out to an arbitrary command on the system is a bit scary -- does the Python stdlib currently do that anywhere?
Here's what I found by grepping the sources for uses of os.system and subprocess:
* pydoc shells out to "more" on win32 and "less" or "more" elsewhere if no pager is configured. Incidentally,
it passes the docs to the pager via a temp file, with the comment "pipes completely broken in Windows" - is this left over from the Win9x days? Also the temp-file code runs the pager with os.system instead of Popen, and doesn't properly quote it.
* ctypes.util has a ton of hacky code for finding libraries, which includes calling out to gcc, cc, ld, objdump,
/sbin/ldconfig, and /usr/ccs/bin/dump on various platforms.
* platform.architecture() calls file and ad-hoc parses its output, except if sys.platform in ('dos', 'win32', 'win16'). On those three platforms it seems to be totally broken, always returning the pointer size of the current Python process no matter what executable you pass to it.
* webbrowser looks for a bunch of specific named browsers. On Windows it'll run any of ("firefox", "firebird", "seamonkey", "mozilla", "netscape", "opera") from the insecure search path that starts with the current directory.