MAIL() Security

[theflea912]

Let me try posting again because me last post couldn't be found or whatever. So I have a form. I than have a script that mails me the form. The script looks like this:

An email has been sent to the Director of Human Resources.
Thank you for apply, you will hear back in a bit.

<?php
$body = "Application Alert!\n\n";
foreach($_POST as $field => $value) {
$body .= sprintf("%s = %s\n", $field, $value);
}

mail("[email protected]", "APPLYING PILOT!", $body,
'From: "APPLY" <[email protected]');
?>

My friend at least acts like he knows what he is doing, and told me that somebody could delete all the files on the webserver by useing a UNIX command. Is this true?