As explained in the manual, the /e modifier actually evaluates the text the regular expression works on as PHP code. The example given in the manual is:
$html = preg_replace(
'((.*?))e',
'"" . strtoupper("$2") . ""',
$html
);
This matches any "XXXXX" text (i.e. headline HTML tags), replaces this text with "" . strtoupper("XXXXXX") . "", then executes "" . strtoupper("XXXXXX") . "" as PHP code, then puts the result back into the string.
If you run this on arbitrary user input, any user has a chance to slip something in which will actually be evaluated as PHP code. If he does it correctly, the user can use this opportunity to execute any code he wants to. In the above example, imagine if in the second step the text would be "" . strtoupper("" . shell('rm -rf /') . "") . "".
