Wow, some serious drug abuse in this thread, I see! If you guys are going to start popping the stuff with the 37 letter IUPAC names, you could at least send a bottle of it to iXsystems out of courtesy. :)
The availability of a CLI is actually likely to have more the opposite effect of what cybergreco is worried about.
Currently, if you pop up a shell window or ssh into the box, you're sitting at a Unix shell prompt as root. No seat belts. No restricting the less-than-Unix-savvy user to only those commands necessary to admin the box vs destroy it or cause unintended side-effects. No logging of the commands actually performed for forensic analysis ("You said you did something at the command line? What??" "Nothing. Honest!")
The CLI is not a shell prompt. The CLI is a very restricted environment that merely feeds the Middleware the same sorts of commands that can be generated via the GUI, validates its arguments as the user types them and rejects anything that doesn't make sense, and has the Middleware itself as a last line of defense - if the user attempts to do something in the wrong sequence, or does it without backing up certain key resources first, the middleware can either reject the operation or do helpful things behind the scenes to enable potentially bad decisions to be rolled back. Needless to say, everything done at the CLI is also logged and subject to the same interlocks and privilege checking that things done via the GUI are since, again, they both go through the same Middleware agent.
So, in short, the user can administer a box via the GUI, the CLI or the (ReST) API and it all goes through the same funnel point and is subject to the same validation, authentication, logging and documentation assistance. That is WAY better than what you have now - a /bin/sh prompt and the ability for the user to hang themselves in bizarre ways even we haven't discovered yet.