Command injection vulnerability
It exposes the password to the process table, and is vulnerable to command injection if used in the context of a RoR application. The #{@username} and #{@password} variables aren't properly sanitized before being passed to the command line.