I would rather think of this as an opportunity to help avoid injection vectors. if there was a separate.. . interpolation provider .. then something like os.system('dosomething {a} {b} {c}'.format(...)) could be written as ( !cmd here being a special type of f-string that does command line escaping, borrowing syntax from another thread a few days ago..) os.sytem(!cmd'dosomething {a} {b} {c}') This is both shorter and more resilient to injections. Essentially it feels like you annotate a string as "this will be executed on the command line" and the interpolation adapts. this would make doing the right thing the same as doing the easy thing and this would be good overall, no? I don't know about you, but i dont know by heart how to escape arbitrary user input and deal with all of the corner cases. yes, you can do this more safely with Popen.. but that is quite a bit more effort. also often times there is no such alternative or it is very unweildy (sql land this happens more often)