As long as there is no more reliable authentication mechanism like shared passwords, shared keys or certificates, it could make sense to disable items provided by Zabbix-Agent.
Keys like log[*], system.sw.packages[*], vfs.file.contents[*] could easily become a vulnerability through ip spoofing.

Like extending Zabbix-Agent with additional item functions I would welcome to be able to disable a selection of native items/keys.