It will be nice, as already been done in zabbix agent, not to allow all remote commands on a proxy, since many secure configurations are not longer valid.

I'm thinking something like

AllowRemoteComand=zabbix_proxy -R config_cahe_reload

AllowRemoteCommand=/etc/zabbix/scripts/*.sh

DenyRemoteCommand=*

in the proxy configuration file