Comment 9 for bug 1520691

Looks like we should move away from shell=True ASAP.

https://docs.python.org/2/library/subprocess.html#frequently-used-arguments
"Warning
Executing shell commands that incorporate unsanitized input from an untrusted source makes a program vulnerable to shell injection, a serious security flaw which can result in arbitrary command execution. For this reason, the use of shell=True is strongly discouraged in cases where the command string is constructed from external input [...]"