Treating input as data (good):

    def echo():
        user_input = input('enter some text: ')
        print('your text: {}'.format(user_input))
Treating input as code (VERY BAD, DON'T DO THIS):

    def echo():
        user_input = input('enter some text: ')
        command = "print('your text: {}')".format(user_input)
        exec(command)
The second example allows the user to do all kinds of unintended stuff:

    enter some text: '); print(10**2000) #
    your text:
    1000000000000000000000...
(abridged)

That would print however many zeroes the user specified, and use a whole lot of memory. With some creativity it's possible to cause lots of havoc.
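The contrast above, as an added example written for this page rather than taken from the comment: both versions of `echo` are wrapped as functions that return the produced output instead of printing it, so the same input can be run through each and compared. The `exec` path captures stdout with `contextlib.redirect_stdout`; the marker payload `'); print(42) #` is a constructed, harmless stand-in for the one in the comment. A third helper, `parse_literal`, shows the usual answer when a program genuinely needs to turn user text into a Python value: `ast.literal_eval` accepts only literals (numbers, strings, lists, dicts, ...) and rejects calls and names, so the input stays data.

```python
import ast
import contextlib
import io

# Constructed marker payload: breaks out of the string literal in the
# exec-based version and runs a second statement. The trailing '#'
# comments out the leftover quote and parenthesis so the source parses.
MARKER = "'); print(42) #"


def echo_as_data(user_input: str) -> str:
    """Safe: the input is only ever substituted into a string value."""
    return 'your text: {}'.format(user_input)


def echo_as_code(user_input: str) -> str:
    """Vulnerable pattern from the comment: the input becomes Python source.

    Kept only to show the behaviour; stdout is captured so the result
    can be compared with echo_as_data on the same input.
    """
    command = "print('your text: {}')".format(user_input)
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(command)
    return buf.getvalue()


def parse_literal(user_input: str):
    """Turn user text into a value without evaluating code.

    ast.literal_eval only accepts literal syntax; anything with a call,
    a name lookup or an operator on non-literals raises ValueError.
    """
    return ast.literal_eval(user_input)


if __name__ == '__main__':
    print(repr(echo_as_data(MARKER)))   # the payload is just characters
    print(repr(echo_as_code(MARKER)))   # the payload ran: a second line "42"
    print(parse_literal('[1, 2, {"k": "v"}]'))
    try:
        parse_literal("__import__('os')")
    except ValueError as exc:
        print('rejected by literal_eval:', exc)
```

With the data version the marker comes back verbatim inside the message; with the `exec` version the output has an extra line produced by the injected statement. Where a feature really requires parsing user-supplied values, reaching for `ast.literal_eval` (or a proper format parser such as `json.loads`) keeps the boundary between data and code that the comment is pointing at.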


