Basically I think this concern is reasonable, and the fact that the
behavior of an NVP is non-deterministic has bothered not a few
people in the XML process; there's even an appendix in the spec that
talks about this.
As a registered minimalist, it never really bothered me, because I
have always thought that external entities were pretty bogus outside
the authoring arena anyhow, and anybody who sends anything across the
wire had better either:

  (a) guarantee no external entities, or
  (b) potentially have external entities AND specify use of a validating
      processor

In both of these scenarios the behavior is completely deterministic.
I think that anyone who sends XML across the wire and uses external
entities and does not specify a validating processor has rocks in their
head and deserves what they get.
One extrapolation from this argument is that external entities are
bogus and shouldn't have made it into XML. I believe this, but only
about 48% of the time.
Another extrapolation is that we should decree that NVPs *never*
read external entities. But in the authoring situation, having
an NVP be potentially able to read something like

    <book>
    &chap1;
    &chap2;
    </book>

is handy enough that it seems senseless to rule it out just because
it opens the door to really stupid behavior, viz. sending external
entities over the wire without specifying a validating processor.
-Tim
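
Added example, not part of the original message: the `<book>` document above parsed twice with Python's expat binding, once as a non-validating processor that skips external entities and once as one that reads them, plus a receiver-side check for option (a). The DOCTYPE declarations, the file names `chap1.xml`/`chap2.xml`, the in-memory `CHAPTERS` store and the function names are constructed for illustration.

```python
import xml.parsers.expat as expat

# Constructed sample: the message's <book> with its two entities declared external.
DOC = b"""<!DOCTYPE book [
<!ENTITY chap1 SYSTEM "chap1.xml">
<!ENTITY chap2 SYSTEM "chap2.xml">
]>
<book>
&chap1;
&chap2;
</book>"""

# Constructed stand-in for the files an authoring tool would find on disk.
CHAPTERS = {"chap1.xml": b"<chapter>One</chapter>",
            "chap2.xml": b"<chapter>Two</chapter>"}


def parse_text(doc, store=None):
    """Return (words of character data, external entity declarations).

    store=None models an NVP that skips external entities; a dict models
    an NVP that reads them. Nothing is fetched from disk or network.
    """
    text, external = [], []
    parser = expat.ParserCreate()
    parser.CharacterDataHandler = text.append

    def entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if value is None:  # no literal value, so the entity is external
            external.append((name, system_id))

    def external_ref(context, base, system_id, public_id):
        if store is not None:
            sub = parser.ExternalEntityParserCreate(context)
            sub.Parse(store[system_id], True)
        return 1  # non-zero tells expat to carry on

    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_ref
    parser.Parse(doc, True)
    return "".join(text).split(), external


def acceptable_without_validation(doc):
    """Receiver-side check for option (a): no external entities declared."""
    return not parse_text(doc)[1]
```

The same bytes yield no chapter text in one configuration and both chapters in the other, which is the non-determinism under discussion; the check lets a receiver refuse such a document rather than guess.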