There is also a special kind of services named CoreServices. These services has total access to the servent Core functionalities as Deployer, Configuration, P2PRegisterer, P2PDirectory... Whit these CoreServices it is possible to make more powerful services.
Because those services can access to the Servent core functionallity, they must not be deployed by anyone and it's is possible the service itself must contain some kind of certificate or hash wich authenticate itself within the servent.
This is not done and will not be done in short so anyone that can access to the ADMIN port can deploy CoreServices.