The wildcard expansion (*) in Bash scripts doesn’t get pushed to the command, but is instead expanded in place. This means that files named like command-line switches will be interpreted as command line switches. This can be used, for example, to exploit sloppy tar-based backup scripts.