Commonly, a web server or other process that exposes a port to other (possibly malicious) computers will run as its own user (Apache runs as the user nobody), so that even if the web server program is hacked, the attacker can not trash the entire machine quite so easily.