From: "Ka-Ping Yee" <ping@zesty.ca>
However, there is still the problem that the established technique for storing instance-specific state in Python is to use globally- accessible data attributes instead of a limited scope. We would also need to add a safe (private) place for instances to put state.
Indeed, that's the fact that implementations of methods are normal functions that access the instance attributes like everything else do, that's why Zope-proxies become necessary (and a bit brittle): class A: def geta(self): return self.a # 1 a=A() a.a # 2 (1) and (2) are using the same operation/execution path. The other issue, as you wrote, is also that introspection operations are like normal operations too (and they share the same execution path also): a.__dict__ vs. introspect(a).__dict__ The problem is that there is obviously a flexibility/easy-of-use trade-off. Python is a language that maximizes that and where e.g. introspection feels easy and natural, OTOH analyzing security become nightmarish. regards.