The behaviour of these functions is affected by settings in php.ini.
|imap.enable_insecure_rsh||"0"||PHP_INI_SYSTEM||Available as of PHP 7.1.25, 7.2.13 and 7.3.0. Formerly, it was implicitly enabled.|
Here's a short explanation of the configuration directives.
Establishing a connection to a server may invoke rsh or ssh commands, unless this php.ini option is disabled.
Neither PHP nor the IMAP library filter mailbox names before passing them to rsh or ssh commands, thus passing untrusted data to this function without disabling this php.ini option is insecure.