Conclusion

It seems clear (to me at least) that thinking in terms of a command line, a string of characters, can lead to problems, and that thinking in terms of an argument vector, a list of character strings (the argv parameter to main()), is a robust way to avoid those problems. At the very least, if a command line must be involved, it should not be tampered with unaided: leave it to the shell, or to wordexp(), or failing that make sure that you are replacing known strings with known strings.

The moral of the story, then, is that the POSIX committee spent a lot of time thinking about these types of issues when they drafted the specification of wordexp(), and so we should learn from their wisdom.
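The following sketch shows what leaving the work to wordexp() and then staying with an argument vector can look like. It is an added example, not code from the original article; the function names expand_line() and run_vector() and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#include <wordexp.h>

/* Expand `line` into an argument vector without handing it to a shell to run.
 * WRDE_NOCMD makes wordexp() fail with WRDE_CMDSUB on $(...), and unquoted
 * | & ; < > ( ) { } are rejected with WRDE_BADCHAR.
 * Returns 0 on success; the caller must then wordfree(out). */
int expand_line(const char *line, wordexp_t *out)
{
    memset(out, 0, sizeof *out);
    return wordexp(line, out, WRDE_NOCMD);
}

/* Run argv[0] via execvp(): the vector is passed as-is, so a word such as
 * "my file.txt" stays one argument. Returns the exit status, or -1. */
int run_vector(char *const argv[])
{
    int status;
    pid_t pid;
    if (argv == NULL || argv[0] == NULL)
        return -1;                      /* empty line: nothing to run */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample input, not taken from the article. */
    const char *lines[] = { "printf '%s\\n' 'my file.txt' plain",
                            "echo $(id)", "echo hi; echo there" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        wordexp_t we;
        int rc = expand_line(lines[i], &we);
        if (rc != 0) {
            printf("rejected (wordexp error %d): %s\n", rc, lines[i]);
            continue;
        }
        run_vector(we.we_wordv);
        wordfree(&we);
    }
    return 0;
}
```

Only the first line is run; the other two are rejected before anything is executed, because the string never reaches a shell.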