The short answer is yes, xp_cmdshell is a dangerous object to enable. There are several ways around using xp_cmdshell, and it would be worth your while to research your alternatives.
I have always done this with WMI in a script task. WMI scripting allows you to assign a namespace, and designate impersonation levels, etc. I suggest using integrated security though,...