In response to Oleg and George.<br><br>Yes apparently there is an acknowledgement in some subordinate page somewhere that there might be some problem with security and pickle.&nbsp; This should be on the first page in bold face like the unneeded one for marshal.&nbsp; I missed it just now because I just looked at the first page for marshal and pickle, like most people probably would, sorry.<br>
<br>Also this line from the marshal doc has got to go: <br><br>&quot;For general persistence
and transfer of Python objects through RPC calls, see the modules
<tt class="module"><a href="http://docs.python.org/lib/module-pickle.html">pickle</a></tt> and <tt class="module"><a href="http://docs.python.org/lib/module-shelve.html">shelve</a></tt>.  &quot;<br><a href="http://docs.python.org/lib/module-marshal.html">http://docs.python.org/lib/module-marshal.html</a><br>
<br>which should read<br>&quot;For RPC calls never use pickle.&quot;<br><br>And the security warning for marshal benieth it should be removed because it is nonsense.<br><br>The implication of the current documentation is that most of my public projects contain serious security holes when they don&#39;t.<br>
And if you don&#39;t read the documentation carefully (like the implementers of Plone apparently didn&#39;t) the docs seem to suggest<br>that pickle is somehow &quot;safer&quot; when it is about as unsafe as it could be.<br>
<br>-- Aaron Watters<br><br>