What are the reasons behind disabling cURL for security?

Many hosts use to disable cURL because of "some" security reasons.

I'm look开发者_JAVA百科ing for these reasons. A quick google lookup didn't give me an in-depth information.

Many infections (especially botnet types and some admin-shell types) that abuse arbitrary code execution vulnerabilities will inject a small payload script that then uses cURL or wget to download further instructions and configuration. It may be for blocked in attempt to limit the impact of these robotic attacks.

I remember there were some bugs in cURL with PHP version but it was long time ago and all used PHP versions now have no cURL exploits

I guess, real reason is not security, but rather financial ;) Once you pay them - there is no problem with cURL anymore.