"system( )" is granted the same rights as your program. Because "pause" is a common command, malicious code can replace the "pause" executable with another malicious program. And when your program executes the "pause" program, it executes the malicious program which has the same rights as your program. No good.
Try it! Create a simple program and replace "pause" with it (keep a copy of "pause" first). Then, execute "pause" from another program. You'll realise just how vulnerable your program becomes with "system( )".
It is not insecure if you use it correctly; sanitize the shell execution envirionment, sanitize the command string, and make sure that the command that you are executing cannot be spoofed.
Doing this is somewhat hard, so
Do not call system() if you do not need a command processor
Because "pause" is a common command, malicious code can replace the "pause" executable with another malicious program. And when your program executes the "pause" program, it executes the malicious program which has the same rights as your program.
I'm pretty sure this won't work, not even on Windows 98.
pause is a command, not an executable. Unless you do system("pause.exe");, you should be safe.