If an authenticated user calls hg init hg.host.com/dummy/../../../etc

it will create the repository in another root directory if the process of

hgkeeper has permissions for this.

This could be an attack to the server.
Also hgkeeper admin repository can be overriden like this.

hg init ssh://hg.host.com/dummy/../hgkeeper/keys