5.5.4. Do Not Remove the IncludesNoExec Directive
By default, the server-side includes module cannot execute commands. It is ill advised to change this setting unless absolutely necessary, as it could potentially enable an attacker to execute commands on the system.