Getting rid of xp_CmdShell was your original desire. Where I work I try to take a slightly different POV, which may help.
My private belief is not to do things that I don't have to do. As a result, when I had a request for a report that would tell users the status of a bill I found that I needed to determine whether the bill had an associated Image. If not, it was going to have to wait. Of course, xp_cmdshell was the obvious candidate for looking out into the file system, but the users running the report would not have permission to use xp_cmdshell !
So, I have the query for the report pull info about images from a table, and another SP feed that table. The second SP runs in a DTS job, every hour. The users agreed that they didn't need up-to-the-minute info - hourly would be fine.
In this way I've insulated the use of xp_cmdshell from prying outside eyes !