No. Shell scripts have the same problem where you're not separating options from filenames and you're often not preventing a single user-supplied argument from expanding into multiple final arguments.
The list-form shell commands referenced earlier are closer, but still don't separate filenames (input) from arguments unless you remember to add "--".
But they do prevent things like pipes, which is a big deal.
I bother : ( Next you're going to tell me that nobody bothers to sanitise input in their SQL queries.
Well, i suppose that's true, in a sense. Maybe the solution is to follow SQL and implement a prepared-query system for shell commands?