Please could someone tell me why AUTHENTICATED_USER was deprecated in favour of the python security module? A quick google says "because it can be replaced"..but this isn't really a good in depth explanation? If a request was manipulated to include another AUTHENTICATED_USER, wouldn't Zope just error out anyway? Cheers