
The current version replaces the perl subprocess with an sh subprocess. Doesn't seem like much of an improvement.



Well, wordexp's purpose is literally to "perform shell-style word expansions", as quoted from the man page. It even supports command substitution if you don't pass WRDE_CMDSUB.

So really, the entire premise of that POSIX function is horrible[1]. Just like system(), which also explicitly executes the given command line using the shell. These functions are not safe to use with untrusted input (e.g. remotely), ever.

EDIT: [1] But arguably only as horrible as calling out to the shell is in general. If you e.g. use it as part of a shell utility that assumes full POSIX-permissioned access to your user anyway, it's not unreasonable because there isn't any privilege escalation at all. Though I'd argue that in the case of system() it's probably more clear to the developer that a shell callout is happening. And also, that the "shell-style" expansion performed here is kinda muddily defined.


OTOH the standard itself mentions implementing the function using a shell in a subprocess [1]. POSIX is full of nastiness such as this; hopefully not much maintained & used software actually needs wordexp.

[1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/w...
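An added example, not part of any comment in this thread: a C sketch of what wordexp() returns for inputs containing command substitution when the caller sets the POSIX flag `WRDE_NOCMD`, in which case the call fails with the error code `WRDE_CMDSUB` instead of running anything. The function names `expand_no_cmd` and `wrde_name` and the sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <wordexp.h>

/* Expand `input` with command substitution disabled.
 * Returns 0 and stores the word count in *count on success, otherwise
 * the wordexp() error code (WRDE_CMDSUB, WRDE_BADCHAR, ...). */
int expand_no_cmd(const char *input, size_t *count)
{
    wordexp_t we = {0};
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc != 0) {
        /* Only WRDE_NOSPACE can leave partial results allocated. */
        if (rc == WRDE_NOSPACE)
            wordfree(&we);
        return rc;
    }
    *count = we.we_wordc;
    wordfree(&we);
    return 0;
}

/* Human-readable name for a wordexp() return value. */
const char *wrde_name(int rc)
{
    switch (rc) {
    case 0:            return "ok";
    case WRDE_BADCHAR: return "WRDE_BADCHAR";
    case WRDE_BADVAL:  return "WRDE_BADVAL";
    case WRDE_CMDSUB:  return "WRDE_CMDSUB";
    case WRDE_NOSPACE: return "WRDE_NOSPACE";
    case WRDE_SYNTAX:  return "WRDE_SYNTAX";
    default:           return "unknown";
    }
}

int main(void)
{
    /* Constructed sample inputs, as if received from an untrusted source. */
    const char *samples[] = { "a b c", "$(echo hi)", "`echo hi`", "a; b" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        size_t n = 0;
        int rc = expand_no_cmd(samples[i], &n);
        printf("%-12s -> %s (%zu words)\n", samples[i], wrde_name(rc), n);
    }
    return 0;
}
```

`WRDE_NOCMD` only blocks command substitution; tilde, variable and pathname expansion still happen, so the result can still reflect the process environment and the filesystem.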



