IMO it’s just a demonstration of why you don’t write complicated or security-sensitive code in shell script: it’s basically impossible to get right, there are pitfalls around every corner and it’s extremely difficult to check for mistakes.
I wouldn't say there are too many pitfalls. Quote all variables (acme.sh seems to do well on that part) and don't use eval (probably the reason for this problem).
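
An added example, not part of either comment and not acme.sh code: a POSIX sh sketch of why `eval` on a value is risky and how a quoted, eval-free assignment avoids re-parsing. The names `set_unsafe`, `set_safe`, `CFG`, `MARKER` and the sample value are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sample value are constructed.

# Unsafe: eval re-parses its argument, so the *value* is read as shell code.
set_unsafe() {
    eval "$1=$2"
}

# Safer: no eval. Validate the variable name, then pass NAME=VALUE to export
# as one quoted word so the value is never re-parsed, split or globbed.
# (export also places the variable in the environment of child processes.)
set_safe() {
    case $1 in
        '' | [!A-Za-z_]* | *[!A-Za-z0-9_]*) return 1 ;;   # not an identifier
    esac
    export "$1=$2"
}

# Constructed input: data that happens to contain shell syntax.
sample='ok; MARKER=ran'

demo() {
    (
        # Subshell keeps the side effects out of the caller's shell.
        unset MARKER
        set_unsafe CFG "$sample"
        printf 'unsafe: CFG=[%s] MARKER=[%s]\n' "$CFG" "${MARKER-unset}"
    )
    (
        unset MARKER
        set_safe CFG "$sample"
        printf 'safe:   CFG=[%s] MARKER=[%s]\n' "$CFG" "${MARKER-unset}"
    )
}
demo
```

With `set_unsafe` the value is truncated at the `;` and the remainder runs as a second command; with `set_safe` the whole string is stored as data.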