Welcome to my world! I manage systems in a medium-sized healthcare network and in the main hospital either the patients or the nurses keep putting the patient phones in DND - and then they call in a work order because the room doesn't receive calls. So at first I tried to educate the nurses and tell them how to fix the problem if it occurs... but they are nurses, and you can't get them to change a pillowcase - they certainly aren't going to dial ##5 on the phone. So then I tell them not to use DND on any phones, and they all get halos over their heads and say they never do.
So then being the childish person that I am I retaliated by making the DND destination on all the patient phones be the nurse's station (so the calls would at least get up to the floor instead of hitting switchboard). When the nurses called to complain I would just tell them to either go into the room and dial ##5 to make it stop, or just transfer the call back to the room. Well it only took a little while of that before they screamed so loud I could hear it in my office 6 floors below them so I finally ended up going into the dial plan and deleting out #5 so that is no longer an option in the hospital. People with digital phones that need to use it can have a button, and the rest can go away.
Of course then the nurses called to complain that #5 doesn't work anymore, and I politely explained that shouldn't be a problem because none of them ever use it anyway. I considered changing the code to something else and keeping it mostly confidential, but very few people in our organization ever use DND anyway so it just stayed deleted.
I also had a problem at one of my sites after I upgraded it to a 4000. The people in the ACD groups kept putting their phones on DND rather than just making themselves unavailable and it was constantly causing problems with the ACD groups. I couldn't just delete the code there because the users can select DND from the phone's menu, so on that one I had to actually go in and deactivate the feature so it was no longer on the menu. I haven't had a problem at that site since, and the people now use the phones the way they are supposed to.
So there's my long-winded version of what I did! I don't know any way right off the top of my head as a security feature, but the first 2 thoughts that come into my head are look to see if it can be blocked in COS, and the other is to build a dial string entry for it in LCOS and then restrict access to it. I doubt that will work, however, because I suspect the system will parse the DPLN table before it looks at the other dialing rules, so #5 will still activate from the dial plan entry.