Some hosting environments use a simple form of
"protection" whereby you are denied access to any file
called phpshell.php or shell.php.
This kind of "protection" only gives a false sense of
security since you can rename phpshell.php to, say,
happy_sunshine.php and then continue to use it...
So SECURITY should be updated with information about
this possibility. This is meant both as a reminder to
administrators of shared web hosts who might think that
blocking access to phpshell.php is enough, and as a tip
for people who want to use PHP Shell despite the wishes
of the administrator.
In general, SECURITY should contain more information
about how one can block applications like PHP Shell.
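
For administrators auditing a shared host, the following added example (not part of the original post or of PHP Shell) compares the file-name rule described above with a content check that does not depend on the name. The function list, helper names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The name-based rule described in the post.
BLOCKED_NAMES = {"phpshell.php", "shell.php"}

# Assumption: PHP functions that start OS processes. Heuristic only; it can
# miss obfuscated code and can flag legitimate scripts (e.g. a method named exec).
EXEC_CALL = re.compile(
    rb"\b(proc_open|popen|shell_exec|passthru|system|exec|pcntl_exec)\s*\(", re.I)


def blocked_by_name(path: Path) -> bool:
    """True if the file-name rule would deny access to this file."""
    return path.name.lower() in BLOCKED_NAMES


def flagged_by_content(path: Path) -> bool:
    """True if the file contains PHP code that calls a process-spawning function."""
    data = path.read_bytes()
    return b"<?" in data and EXEC_CALL.search(data) is not None


def audit(webroot: Path) -> dict:
    """Map each .php file to (blocked_by_name, flagged_by_content)."""
    return {
        p.relative_to(webroot).as_posix(): (blocked_by_name(p), flagged_by_content(p))
        for p in sorted(webroot.rglob("*.php"))
    }


def demo() -> dict:
    # Constructed sample web root: the same script under two names, plus a benign page.
    script = b"<?php $p = proc_open($cmd, $spec, $pipes); ?>"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "phpshell.php").write_bytes(script)
        (root / "happy_sunshine.php").write_bytes(script)
        (root / "index.php").write_bytes(b"<?php echo 'hello'; ?>")
        return audit(root)


if __name__ == "__main__":
    for name, (by_name, by_content) in demo().items():
        print(f"{name:20} name-rule={by_name!s:5} content-flag={by_content}")
```

The renamed copy passes the name rule but is still flagged by content. Content matching is only a triage aid; disabling the process-spawning functions with PHP's `disable_functions` directive removes the capability regardless of file name.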