Specifying this on the command during ofbiz startup is a security problem. Anyone could then connect to the port, and issue commands to ofbiz(mostly, stop, which would be a DoS-type problem).
I'm thinking about a -Dsystem.props=/path/to/file/with/system/properties kinda thing, with permissions set so that non-ofbiz users can't read it. This would close this particular hole. If I do that, would it be something accepted for the release branch? Obviously, I'd need to create the fix/patch first.