Created by ZopeOrgSite. Last modified 2001-10-22 21:04:24.
Both UNIX system services and other software packages depend on the UNIX
'nobody' user having no rights whatsoever on the system (beyond, of course, the
right to execute code). This means that no files should be owned by 'nobody',
and any files that you would mind exposing to the public shouldn't be readable
or writable by 'nobody'.
In order to run Zope as 'nobody', 'Data.fs' and other sensitive files must be
made readable to the 'nobody' user. Unfortunately, this means that if your
'nobody' user is compromised, the compromiser will have full access to your
'Data.fs' and will be able to cause other mischief as well.
To protect yourself from this problem, run Zope as a dedicated username on your
system. You may even want to run multiple Zopes as different usernames to
protect them from each other. The key is that nothing that is not a part of
your Zope process should ever come even close to having the rights to access
your important files.
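
One way to check an existing instance against this advice, as an added example that is not part of the original page: the script walks a Zope instance directory and reports anything owned by a shared account such as 'nobody' or left readable or writable by other users. The function names and the idea of passing the instance directory on the command line are assumptions made for illustration.

```python
import os
import pwd
import stat
import sys

def shared_account_uids(names=("nobody",)):
    """Resolve shared account names to uids, skipping names that do not exist."""
    uids = set()
    for name in names:
        try:
            uids.add(pwd.getpwnam(name).pw_uid)
        except KeyError:
            pass
    return uids

def audit_instance(root, shared_uids):
    """Return (path, problem) pairs for paths under root that a shared account could reach."""
    findings = []
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in sorted(dirnames + filenames))
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits on a symlink itself are not meaningful
        if st.st_uid in shared_uids:
            findings.append((path, "owned by a shared account"))
        # 'nobody' normally falls under "other" when it neither owns the file
        # nor belongs to the file's group, so any o+r or o+w bit exposes it.
        if st.st_mode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append((path, "readable or writable by other users"))
    return findings

if __name__ == "__main__":
    # Assumed usage: pass the instance directory (the one holding Data.fs).
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, problem in audit_instance(root, shared_account_uids()):
        print(f"{path}: {problem}")
```

An empty report for the directory holding 'Data.fs', run after switching Zope to its dedicated username, is the state the advice above describes.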