However, this practice is strongly discouraged for security reasons: Web application configuration files may impose security constraints on a servlet, and allowing users to call it directly can be a “back door” into the application. Drawbacks of Servlets Although servlets are an improvement over CGI (especially with respect to performance and server load), they too have drawbacks.
CGI suffered from several drawbacks: ❑ Each incoming CGI request required starting an operating system process. ❑ This process would then load and run a (CGI) program. ❑ Tedious and repetitive coding was needed to handle the network protocol and request decoding. The first two operations in the previous list can use a large number of CPU cycles and a lot of memory. Because both operations must be performed for each request, a server machine could get overloaded if too many requests arrive in a short period of time.
Professional Apache Tomcat 6 by Vivek Chopra, Sing Li, Jeff Genender