It's not that it's executing the environment variable, it's a failure in parsing the environment variable.
Fortunately, in this specific example, I haven't tricked you into giving my file an execute bit, so it won't actually run.
Or if I'd convinced you to run "unzip python tmp/totally_not_an_attack.zip" because you weren't properly quoting your arguments to unzip?