Unfortunately, inline DTDs can be abused by a malicious user if you fail to configure your XML parsing library properly. Let's see one example of this, called the billion laughs attack.