Because gnuplot has a shell escape (try `!ls' at the gnuplot> prompt), the GnuplotServlet has to be very careful about what it accepts. Anyone can type in the location http://server/servlet/gnuplot?plotFunction=x;%0A!touch+%2Ftmp%2Fhad which, if executed by gnuplot, creates the file /tmp/had. Unfortunately, besides being the shell escape, `!' is also used for factorials, so it cannot simply be rejected everywhere. `shell' is another shell escape. Hence the notShellSafe method.
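A sketch of the kind of check a notShellSafe method could perform, added here as an example; it is not the GnuplotServlet's own code. The class name, the character allowlist and the extra rejection of the `system` command word are assumptions; it accepts `!` only as a postfix factorial and refuses anything that could start a new gnuplot command line.

```java
import java.util.regex.Pattern;

public class PlotFunctionCheck {  // hypothetical class name
    // Assumed allowlist for a plain math expression: no newline or other
    // control character, no ';', no quotes or backquotes.
    private static final Pattern ALLOWED =
        Pattern.compile("[A-Za-z0-9_ .,+\\-*/%^()<>=?:!]*");
    // `shell' is named on the page; `system' is a further gnuplot command
    // that runs a shell command. Belt and braces: with newlines and ';'
    // refused, the input cannot begin a new command anyway.
    private static final Pattern COMMAND_WORD =
        Pattern.compile("\\b(shell|system)\\b", Pattern.CASE_INSENSITIVE);

    /** Returns true when expr must NOT be passed on to gnuplot. */
    static boolean notShellSafe(String expr) {
        if (expr == null || expr.isEmpty()) return true;
        if (!ALLOWED.matcher(expr).matches()) return true;
        if (COMMAND_WORD.matcher(expr).find()) return true;
        for (int i = 0; i < expr.length(); i++) {
            if (expr.charAt(i) != '!') continue;
            // Find the previous non-blank character.
            int j = i - 1;
            while (j >= 0 && expr.charAt(j) == ' ') j--;
            if (j < 0) return true;  // '!' leads the input: shell escape form
            char prev = expr.charAt(j);
            // Factorial (and !=) follow an operand. A prefix '!' (logical
            // NOT) is refused too, a deliberate over-rejection.
            boolean afterOperand = Character.isLetterOrDigit(prev)
                || prev == '_' || prev == ')' || prev == '.';
            if (!afterOperand) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = {
            "x;\n!touch /tmp/had",  // the page's URL parameter, decoded
            "x**2 + 5!",            // constructed: factorial, accepted
            "!ls",                  // constructed: leading shell escape
            "shell",                // constructed: the other escape
        };
        for (String s : samples) {
            System.out.println(notShellSafe(s) + "\t" + s.replace("\n", "\\n"));
        }
    }
}
```

The check must run on the parameter after URL decoding, since `%0A` only becomes a newline at that point.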