This PHP Snippet caught me out today:
<?php $data = array(`paswd` => 'test'); print_r($data);
Notice the backticks around the array key? These automatically try executing the key as a shell command, in this case, trying to change the password of the www-data user. A simple typo, but nevertheless, a gotcha.
This is documented at http://php.net/manual/en/language.operators.execution.php