
Critique of PEP 501 (General purpose string interpolation) - Python-Dev

I think it's too much effort for too little gain. The motivation feels very weak; surely writing os.system("echo " + message_from_user) is just as easy (as is the %s spelling), so the security issue can hardly be blamed on PEP 498.

I also don't think that the current way to address such security issues is a big deal:

- The subprocess module is complex for other reasons, and a simpler wrapper could easily be made;
- Database wrappers have forever included their own solution for safely quoting query parameters, and people who still don't use that are not likely to care about i-strings either.
- Logging: again, it's hard to beat the existing solution, which mostly comes down to using %r instead of %s for any user-supplied or otherwise unverified data.
- HTML quoting is an art and I'm skeptical that the proposal will even work for that use case.

-- 
--Guido van Rossum (python.org/~guido)
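The three existing idioms the post points to (subprocess argv lists, DB-API parameter binding, %r in log formats), each fed constructed input containing the characters that break naive string building. This is an added illustration, not code from the thread; the table, inputs and helper names are assumptions made for the example.

```python
# Added example (not from the thread): the injection-safe idioms the post
# cites, exercised on constructed data. Nothing from PEP 498/501 is involved.
import sqlite3
import subprocess
import sys

# Constructed "user" inputs: shell metacharacters, an apostrophe, a newline.
SHELL_INPUT = "hello; echo extra"
NAME_INPUT = "O'Brien"
LOG_INPUT = "login ok\nWARNING forged line"


def run_echo_safely(message: str) -> str:
    """subprocess with an argv list: the message is one argument and no shell
    ever parses it. A small Python child prints argv[1], so the example does
    not depend on /bin/echo being present."""
    result = subprocess.run(
        [sys.executable, "-c", "import sys; print(sys.argv[1])", message],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.rstrip("\n")


def _users_db() -> sqlite3.Connection:
    """Assumed in-memory table; two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


def lookup_user(name: str) -> list:
    """DB-API parameter binding: the driver quotes the value, so O'Brien is data."""
    return _users_db().execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def naive_lookup_breaks(name: str) -> bool:
    """The concatenation that binding replaces: an apostrophe in the data ends
    the SQL literal early and the statement no longer parses."""
    try:
        _users_db().execute("SELECT id, name FROM users WHERE name = '" + name + "'")
    except sqlite3.OperationalError:
        return True
    return False


def log_line(message: str) -> tuple:
    """%s copies the newline into the log record; %r renders it as \\n on one
    line, which is the idiom the post recommends for unverified data."""
    return ("user said: %s" % message, "user said: %r" % message)
```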
