secure unpickle?

Tim Peters tim.one at comcast.net
Mon Jan 19 12:05:27 EST 2004


[Gandalf]
> ...
>> I'm using this module (based on the documentation you mentioned):
>> ...

[John J. Lee]
> What does this have to do with the question?  He was worried about
> security of pickle, not asking how to call dumps() and loads().

Look at Gandalf's code again.  The pickler is unremarkable, but the
unpickler contains the assignment:

    p.find_global = None

As his loads docstring said, "this function will not unpickle globals and
instances" as a result.
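
Added example, not part of the original post or of Gandalf's module: in Python 3 the counterpart of setting find_global = None is to override Unpickler.find_class so that every global lookup fails. The names NoGlobalsUnpickler, safe_loads and is_rejected, and the sample pickles, are constructed for illustration.

```python
import io
import pickle
from collections import OrderedDict


class NoGlobalsUnpickler(pickle.Unpickler):
    """Unpickler that refuses every global lookup (hypothetical name)."""

    def find_class(self, module, name):
        # Invoked for the GLOBAL / STACK_GLOBAL opcodes. Refusing here means
        # no class can be instantiated and no callable can be fetched, so
        # only built-in scalars and containers survive unpickling.
        raise pickle.UnpicklingError(
            "global %s.%s is forbidden" % (module, name))


def safe_loads(data):
    """Unpickle bytes, rejecting any pickle that references a global."""
    return NoGlobalsUnpickler(io.BytesIO(data)).load()


def is_rejected(data):
    """Return True if safe_loads refuses the pickle."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed sample inputs.
PLAIN = pickle.dumps({"user": "gandalf", "ids": [1, 2, 3], "ok": True})
WITH_INSTANCE = pickle.dumps(OrderedDict(a=1))  # needs collections.OrderedDict
WITH_FUNCTION = pickle.dumps(len)               # needs builtins.len

if __name__ == "__main__":
    print("plain data     :", safe_loads(PLAIN))
    print("instance pickle:", "rejected" if is_rejected(WITH_INSTANCE) else "loaded")
    print("function pickle:", "rejected" if is_rejected(WITH_FUNCTION) else "loaded")
```

Refusing globals stops object construction and callable lookup; it does not bound the size or nesting depth of the plain data that is still accepted.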




