This is still vulnerable to a class being implemented in a way that doesn't take into account how malicious unpickling might be used on it, and then someone unknowingly pickling it. We can go one step further by adding an __unpickle__ method that, if present, is the only method that is used to load a class. We would also want to add a __pickle__ method.
--- Bruce