If an attacker can trick root or even another user into running a command, they will be able to gain access to data or privileges they shouldn’t have. One way to trick another user into running a malicious program is to create an alias to some other common program (e.g., ls).
The leading , which suppresses alias expansion, is very important because without it you can do evil things like this:
$ alias unalias=echo $ alias builtin=ls $ builtin unalias vi ls: unalias: No such file or directory ls: vi: No such file or directory $ unalias -a -a
3.14.70.203