The problem is the global temp table. Here's what Microsoft says about global temp tables in SQL 2008 (the version I'm currently using) :
Global temporary tables are visible to any user and any connection after they are created, and are deleted when all users that are referencing the table disconnect from the instance of SQL Server. [Link]
So what this means is that once I populate my temp table anybody can look at the data. Not good. I realize that if it's not sensitive data, it's not a big deal. If I use it wisely there shouldn't be a problem. But, once I put it in a stored procedure someone else may want to use it, and they may not realize that this is insecure. I bet this is how security vulnerabilities happen.
Before you flame me, I realize that there are security concerns about the use of xp_cmdshell but those can be mitigated by proper control of the sysadmin role.
More on BCP, if you are interested.
Read this entire thread if you are interested in learning more about xp_cmdshell security issues.