Because if $path is obtained from user input or an input file, or otherwise not under your control someone could execute code with the permissions of the person executing the script.
If you are using bash 4 or you could switch to ksh93 then an alternative might be associative arrays:
Thanks Scrutinizer and Corona. However, how do you implement "read" to do this? I've been playing with it and reading about it but can't find anything about this usage.
...should put the string "string" into the variable named abcdef.
This is how it's often used:
read VARNAME
...but note that it takes a variable name -- a string -- not the variable itself. You can feed it whatever string you please, derived from whatever variables you please, and do things that would otherwise require ugly insecure eval hacks.
You can redirect into it any way you please. <<< is an ordinary redirection in BASH which replaces stdin with a string.
But this method would also have its security risks, but on the left hand side, no? One must control the contents of variables A and B...
*edit* To elaborate: I came across this page
The same applies to the read $var construct. I tried this also in ksh93 and then there is an error message ( arithmetic syntax error ) and the code does not get executed..