In the past, exploits could easily change anything on the server. With Filtering Enabled, scripts must find "vulnerabilities" to bypass these protections: