Toby Dickenson writes:

Lets put it in a context... suppose the example dtml was part of a search results page on www.zope.org. The element of the sequence might be one of my HOWTOs.

I am free to add any property to my HOWTOs. Therefore I can break the dtml if I know what prefix it is using, by adding a property with the appropriate name.

Everything is fine if you are happy with level of robustness, but please remind me never to trust important data to your application. Is that not a standard problem in the Zope context?

If you access any object via acquisition or the DTML namespace, then the definition of a new property can break code: the property may be retrieved rather than an object formerly acquired, looked up deeper in the namespace. Dieter