Zope's HTTP implementation is *not* *robust* enough to be exposed to the raw internet. It has a number of serious and fairly obvious denial-of-service vulnerabilities.
Toby, are these vulnerabilities in the collector? If not, and you've got the time, could you put them in there?
Some of them were in the old collector. I don't think it would be humanly possible to list them all. It's more than a few bugs which individually may be fixable... Zope's HTTP layer simply wasn't designed with this kind of robustness in mind, and it's only a small exaggeration to say that *everything* is wrong. Also, I'm not sure it's worth the effort. This isn't the only compelling reason for using a front-end proxy. Using a proxy makes this problem a non-issue, so why bother fixing it?