Comment by westurner
14 days ago
Python pickles have the same issue but it is a design decision per the docs.
Python docs > library > pickle: https://docs.python.org/3/library/pickle.html
Re: a hypothetical pickle parser protocol that doesn't eval code at parse time, "skipcode pickle protocol 6": "AI Supply Chain Attack: How Malicious Pickle Files Backdoor Models" .. "Insecurity and Python Pickles": https://news.ycombinator.com/item?id=43426963
But Python pickle is only supposed to be used with trusted input, so it's not a vulnerability.
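Added example, not part of westurner's comment or of the Python docs: it shows the two defensive tools the comment alludes to. `pickletools.genops` is a parser that only decodes the opcode stream and never executes anything, so it can list every `module.name` a pickle would import before `load()` is ever called; and the `find_class` allow-list is the `RestrictedUnpickler` pattern the pickle docs describe. The `CallsOnLoad` class, the sample bytes and the `safe_loads` helper are constructed for this example; `platform.system` stands in for whatever callable a pickle might reference because it is harmless.

```python
import io
import pickle
import pickletools
import platform

# Constructed sample: an object whose __reduce__ tells the unpickler to call
# platform.system() when the bytes are loaded. This is the documented pickle
# mechanism; the callable here is harmless on purpose.
class CallsOnLoad:
    def __reduce__(self):
        return (platform.system, ())

SAMPLE_UNSAFE = pickle.dumps(CallsOnLoad(), protocol=4)    # uses STACK_GLOBAL
SAMPLE_UNSAFE_P0 = pickle.dumps(CallsOnLoad(), protocol=0) # uses GLOBAL
SAMPLE_SAFE = pickle.dumps({"name": "toy", "weights": [0.1, 0.2]}, protocol=4)

# Opcodes that push a str onto the pickle VM stack.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
               "STRING", "BINSTRING", "SHORT_BINSTRING"}

def scan_globals(data):
    """Return every (module, name) the pickle would import, without executing it.

    GLOBAL and INST carry "module name" inline.  STACK_GLOBAL (protocol 4+)
    takes them from the two most recently pushed strings, which may also
    arrive via the memo (MEMOIZE/PUT followed by GET), so a shadow memo of
    strings is kept.  Extension codes resolve to callables too and are
    reported as unknown references.
    """
    refs, strings, memo, last = [], [], {}, None
    for op, arg, _pos in pickletools.genops(data):
        if op.name in _STRING_OPS:
            strings.append(arg)
            last = arg
        elif op.name in ("GET", "BINGET", "LONG_BINGET"):
            last = memo.get(arg)
            if last is not None:
                strings.append(last)
        elif op.name == "MEMOIZE":
            memo[len(memo)] = last          # index is the memo size so far
        elif op.name in ("PUT", "BINPUT", "LONG_BINPUT"):
            memo[arg] = last
        else:
            if op.name in ("GLOBAL", "INST"):
                refs.append(tuple(arg.split(" ", 1)))
            elif op.name == "STACK_GLOBAL":
                refs.append((strings[-2], strings[-1]))
            elif op.name in ("EXT1", "EXT2", "EXT4"):
                refs.append(("copyreg.extension", str(arg)))
            last = None                     # top of stack is no longer a str
    return refs

class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allow-listed globals (the pattern from the pickle docs)."""

    def __init__(self, file, allowed=(), **kwargs):
        super().__init__(file, **kwargs)
        self.allowed = frozenset(allowed)

    def find_class(self, module, name):
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is forbidden")

def safe_loads(data, allowed=()):
    """Static scan first, then the restricted unpickler as a second gate."""
    allowed = frozenset(allowed)
    unexpected = [ref for ref in scan_globals(data) if ref not in allowed]
    if unexpected:
        raise pickle.UnpicklingError(f"refusing to load, references {unexpected}")
    return RestrictedUnpickler(io.BytesIO(data), allowed).load()

def loads_is_refused(data, allowed=()):
    """True if safe_loads rejects the bytes before any referenced code runs."""
    try:
        safe_loads(data, allowed)
    except pickle.UnpicklingError:
        return True
    return False

def restricted_unpickler_refuses(data, allowed=()):
    """True if the find_class gate alone (no pre-scan) rejects the bytes."""
    try:
        RestrictedUnpickler(io.BytesIO(data), allowed).load()
    except pickle.UnpicklingError:
        return True
    return False

def default_loader_runs_code():
    """True if plain pickle.loads executed the embedded call (it does)."""
    return pickle.loads(SAMPLE_UNSAFE) == platform.system()

if __name__ == "__main__":
    print("refs in unsafe sample:", scan_globals(SAMPLE_UNSAFE))
    print("plain loads ran the call:", default_loader_runs_code())
    print("safe_loads refused it:", loads_is_refused(SAMPLE_UNSAFE))
    print("safe payload:", safe_loads(SAMPLE_SAFE))
```

The allow-list limits which callables a pickle can name, not what an allowed callable does, and the pre-scan reports references rather than proving safety; both are secondary controls, and the docs' primary advice (only unpickle data from a source you trust, e.g. authenticated with `hmac`) still applies.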