I work in the same office as some of the folks that are working on the victi.ms vulnerability database for Java projects, and they recently asked me for advice about how to add Python support (they've also been discussing the addition of Ruby support with some of the rubygems.org devs).

So, rather than doing anything purely Python-specific, I suspect we're more likely to focus on collaborating effectively with victi.ms rather than duplicating their work.

Near term, major new features aren't likely to be added to the current PyPI code base - the current PyPI development efforts are mostly focused on migrating to a new architecture where the data integrity constraints are strictly enforced at the database layer.

Cheers,
Nick.