Found this article while going random browsing, the original article is from Linux.com with JC Lima reccreates it, with example. Definitely worth reading
At first it did not make a lot of sense since unless you have the file open, this will not work. How likely are you to have the files you just deleted by mistake still open?
Well, not very likely. BUT…if you own a shared hosting company, (or if you are the system administrator of one), you know that often someone will have poor code along with allow_url_fopen turned on, and in no time you will have hackers injecting and running scripts on your server.