Server side includes (commonly known by their abbreviation SSI) are one of the dirty hacks committed by the NCSA httpd team, inherited by Apache.

They provide very useful functionality but do so without any concern for safety.

With SSIs you basically have holes in your code (usually, but not necessarily, HTML text) that may be filled with arbitrary text at runtime. The holes may appear in arbitrary places within your text: this already makes it hard to guarantee syntactically well-formed output. With the exec or cgi directives, the range of possible resulting content isn't even predictable from the text of the directive: it entirely depends on what the called executable happens to do.

So while SSI allows HTML to be composed from smaller pieces, and to be shared between documents, it doesn't really support doing this in a structured way. A better approach would allow static syntax checking of the output formats. It must be said that HTML doesn't really lend itself well to this kind of composition.

This is one of the reasons XML is fundamentally superior. With XML you can share and combine document fragments in a controlled way.