my two cents:

SSI just like any other web technology, when used in the wrong way can be exploited. SSI for example can execute system commands. If we think the power a malicious person can do with this ability, the posibilitys are endless. This is why most free web hosts disable ssi. This is not nesisary that they dont trust you, but they dont trust anyone includeing your site visitors. When ssi statements such as exec are placed into a html document, these powers become available. Say you upload a new shtml document to the host, you could be the malicious one. Or you may not be malicious but maybe someone who signes your guestbook might.

Anyway an atacker can get a ssi enabled page to be parsed by the server, can exploit the server. Filling in a web form such as a guest book for example are common ways used to inject ssi into a already existing ssi document. I will not go into details on how to do this however.