The "through the web code" capability for Zope 2.0 up to and including 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
zope zope