I've noticed that \Symfony\Component\Process\Process::escapeArgument does not use php's native escapeshellarg function, but rather implements escaping in userland. That does not take advantage of potential security fixes in PHP itself.

Is there a reason why it's not using it?