I'd be concerned as well and not in a good way.

As Zen Cart 1.3.8a does not use anything out of the ordinary I cannot see why it would not work. Sounds like the Hoster has gone a bit overboard; paranoid even, with regard to their Security settings.

If you cannot use the current version of Zen Cart, which has good security using common methods, it makes me wonder how many other scripts will not be able to used. And what will the Hoster do when v1.4.x comes out; which will based on v1.3.8a but even better.

Might be time to start looking into your list of backup Hosters as it could be time to move, and soon.