
Cookie Theft on Shared Servers

  • Security: Stefan shows how shared hosting environments can pose a security threat to your site, allowing another site on the same host to hijack cookies from your site.

    Within a shared hosting environment it is sometimes quite often possible to bind yourself to some high TCP port and accept incoming connections. Sometimes this is possible because you also get a shell account on the box and sometimes because dangerous PHP functions like stream_socket_server() are not disabled in the configuration. Unfortunately the ability to bind yourself to a port and receive connections is a threat to web applications installed on different virtual hosts on the same IP, even if other security measures are in place, like tight filesystem permissions or executing PHP scripts with the permission of the owner.

    Link: Cross Virtual Host Cookie Theft - PHP Security Blog
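
One way a hosting administrator could check for the PHP half of the problem described above, as an added example that is not part of the original post: a small audit of php.ini text for listener-capable functions left enabled. Only stream_socket_server() is named in the post; the other three function names and both sample configurations are this example's assumptions, and the audit reads a single php.ini with no additional scanned .ini files.

```python
import re

# Functions that can open a listening socket from PHP. Only
# stream_socket_server() is named in the post; the rest of this list is
# this example's assumption about what else to check.
LISTENER_FUNCTIONS = (
    "stream_socket_server",
    "socket_create_listen",
    "socket_bind",
    "socket_listen",
)

# php.ini directive names are case sensitive, so no IGNORECASE here.
# Lines starting with ";" are comments and never match.
_DIRECTIVE = re.compile(r"^\s*disable_functions\s*=(.*)$")


def disabled_functions(ini_text):
    """Return the set of function names listed in disable_functions."""
    value = ""
    for line in ini_text.splitlines():
        match = _DIRECTIVE.match(line)
        if match:
            # A later assignment replaces an earlier one; drop inline comments
            value = match.group(1).split(";", 1)[0]
    value = value.strip().strip("\"'")
    # Names are compared exactly as written, the conservative choice for an audit
    return {name.strip() for name in value.split(",") if name.strip()}


def enabled_listener_functions(ini_text):
    """Return the listener-capable functions that the config leaves enabled."""
    disabled = disabled_functions(ini_text)
    return [name for name in LISTENER_FUNCTIONS if name not in disabled]


# Constructed sample configurations (not taken from any real host)
WEAK_INI = """\
; shared hosting pool
disable_functions = exec, passthru, shell_exec ; process execution only
"""
HARDENED_INI = """\
disable_functions = exec,passthru,shell_exec
disable_functions = "exec, passthru, shell_exec, stream_socket_server, socket_create_listen, socket_bind, socket_listen"
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(label, "->", enabled_listener_functions(ini) or "none enabled")
```

A clean result here covers only the PHP route; the post's other route, a shell account on the box, has to be restricted separately.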
