Just for completeness, the following is from the ksh man page...
Rsh Only.
Rsh is used to set up login names and execution environments whose capabilities are more controlled than those of the standard shell. The actions of rsh are identical to those of sh , except that the following are disallowed:
changing directory (see cd(1)),
setting or unsetting the value or attributes of SHELL, ENV, or PATH,
specifying path or command names containing /,
redirecting output (>, >|, <>, and >>).
adding or deleting built-in commands.
The restrictions above are enforced after .profile and the ENV files are interpreted.
When a command to be executed is found to be a shell procedure, rsh invokes sh to execute it. Thus, it is possible to provide to the end-user shell procedures that have access to the full power of the standard shell, while imposing a limited menu of commands; this scheme assumes that the end-user does not have write and execute permissions in the same directory.
The net effect of these rules is that the writer of the .profile has complete control over user actions, by performing guaranteed setup actions and leaving the user in an appropriate directory (probably not the login directory).
The system administrator often sets up a directory of commands (e.g., /usr/rbin) that can be safely invoked by rsh.
...hope this helps.