Securely allowing just one application via telnet

Anthony Atkielski atkielski.anthony at wanadoo.fr
Mon Apr 4 18:17:45 PDT 2005


If I want to allow external users to log on under only one permissible
username, which immediately and unconditionally executes only one
program (no shell access), via telnet, what is the most secure way to
set this up?  I've always understood telnet to be somewhat of a
Pandora's box for security, but I don't know if that applies to the
protocol itself, or to telnetd, or if it just refers to the many dangers
of shell access, or what.  If there is a way to secure this type of
access, I'd like to try it on my test server (I won't risk the
production server, of course), as an exercise in setting up custom
environments.

Any suggestions on how best to do this securely?

If a specific user is restricted to a specific program at login (via
/etc/passwd), is there _any_ way he can sneak out to a shell, assuming
that the program he is forced to run does _not_ provide shellout access?

-- 
Anthony



