diff --git a/doc/CHANGES.rst b/doc/CHANGES.rst
index 2a16a993c9..11169f96ad 100644
--- a/doc/CHANGES.rst
+++ b/doc/CHANGES.rst
@@ -8,6 +8,9 @@ http://docs.zope.org/zope2/releases/.
 2.12.27 (unreleased)
 --------------------
+- LP #978980: Protect views of ZPT source with 'View Management Screens'
+ permision.
+
 2.12.26 (2012-10-31)
 --------------------
diff --git a/src/Products/PageTemplates/ZopePageTemplate.py b/src/Products/PageTemplates/ZopePageTemplate.py
index e1050b7059..392389833a 100644
--- a/src/Products/PageTemplates/ZopePageTemplate.py
+++ b/src/Products/PageTemplates/ZopePageTemplate.py
@@ -57,6 +57,8 @@ class Src(Explicit):
 """ I am scary code """
+ security = ClassSecurityInfo()
+ security.declareObjectProtected(view_management_screens)
 PUT = document_src = Acquired
 index_html = None
@@ -69,6 +71,8 @@ def __call__(self, REQUEST, RESPONSE):
 " "
 return self.document_src(REQUEST)
+InitializeClass(Src)
+
 class ZopePageTemplate(Script, PageTemplate, Historical, Cacheable, Traversable, PropertyManager):
 "Zope wrapper for Page Template using TAL, TALES, and METAL"
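Review bot: In the `@@ -57,6 +57,8 @@` hunk of ZopePageTemplate.py, the two added `security` lines have no comment saying what they guard, and the class docstring (`""" I am scary code """`) gives a later reader nothing to go on. I would add above them `# Src returns the template's raw source: require 'View Management Screens' on the object itself (LP #978980).` The declaration is inert until `InitializeClass(Src)` processes it, which the following hunk adds. `ClassSecurityInfo` and `view_management_screens` are not imported in any visible hunk, so they are presumably already in scope in this module; worth confirming. The body of `Src` continues outside the hunk.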
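Review bot: Nothing in the visible diff tests the new restriction, and `InitializeClass(Src)` in the `@@ -69,6 +71,8 @@` hunk is what turns the class-body declaration into enforced roles, so removing this call later would leave the declaration unapplied without any error. A regression test that requests the source view as a user lacking 'View Management Screens' and expects `Unauthorized`, plus one that confirms a Manager still gets the source, would pin the fix. A short comment on the call, e.g. `# apply Src's ClassSecurityInfo declarations`, would make its purpose clear to someone tidying the module. `Src.__call__` starts above this hunk.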