petl before 1.68, in some configurations, allows resolution of entities in an XML document.