[Zope] Security and responsibility

p.t. p.training@tin.it
Sat, 15 Jun 2002 20:45:00 +0200


I'm having some trouble with two problems: one concerns sessions and the 
other security.

The session problem is connected with references maintained in items 
(specifically dictionaries) stored in a session to the original objects.
The list helped me to understand that copy() and deepcopy() exist: this 
could have solved the problem. However, the Python module copy is not 
loadable for security reasons.

Some time ago I needed to evaluate a string, which could be done 
using eval(). However, eval() is not usable for security reasons.
Both situations can be overridden using an External Method "safe_eval" (as 
pointed out by Dieter Maurer in an answer to my thread "dictionary 
definition and strings" on 4 Apr 2002).

Now, I would have no technical difficulties doing that, but, for a 
"political" decision of the institution using the product, everything 
developed must be usable with the current "standard" version of Zope, 
without modifying even a comma on the original downloaded files. This means 
no External Method "safe_eval".

Now, my question is: why limit the usage of methods like copy(), deepcopy() 
and eval()?
The usual answer is to raise the security threshold.
OK, but this is also an "a priori" limitation of developer responsibility.
I believe that I understand the troubles an evaluation of a client query 
could produce.
But can some guru explain to me how a hacker could produce crashes or some 
other severe damage if I use such methods to evaluate an internally 
generated string or deepcopy an internally generated dictionary?
Sorry for the long message.
	p.t.
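
The two situations described in the message, as an added example in plain Python that is not part of the original post and is not Zope code: a dictionary stored by reference keeps changing with the original, and a dictionary written as a string can be parsed without eval(). The names parse_literal_dict and detached_copy are hypothetical, the session is a plain dict stand-in, and whether ast can be imported from restricted Zope code is not covered here.

```python
import ast

def parse_literal_dict(text):
    """Turn a string such as "{'a': [1, 2]}" into a dict without running code.

    ast.literal_eval accepts only literals (strings, numbers, tuples, lists,
    dicts, sets, booleans, None); names, calls and attribute access raise
    ValueError, so nothing in the string is ever executed.
    """
    value = ast.literal_eval(text)
    if not isinstance(value, dict):
        raise ValueError("expected a dictionary literal")
    return value

def detached_copy(obj):
    """Recursively copy nested dicts, lists and tuples (assumed acyclic) so
    the result shares no dict or list with the original."""
    if isinstance(obj, dict):
        return {detached_copy(k): detached_copy(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [detached_copy(v) for v in obj]
    if isinstance(obj, tuple):
        return tuple(detached_copy(v) for v in obj)
    return obj  # anything else (str, int, None, ...) is returned as-is

def demo():
    session = {}  # constructed stand-in for a session object
    # Constructed sample input: an internally generated dictionary string.
    original = parse_literal_dict("{'user': 'pt', 'cart': [1, 2]}")

    session["aliased"] = original                  # stores a reference
    session["detached"] = detached_copy(original)  # stores an independent copy
    original["cart"].append(3)                     # later change to the original

    try:
        parse_literal_dict("{'n': max(1, 2)}")     # a call is not a literal
        rejected = False
    except ValueError:
        rejected = True
    return session["aliased"]["cart"], session["detached"]["cart"], rejected

if __name__ == "__main__":
    print(demo())
```

The aliased entry follows the later append while the detached one does not, and the string containing a function call is refused instead of being run.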