Answers by this user tagged Information Security
  • How to make receiving pickle messages safe?

    sumej
    @sumej
    DevOps
    I understand that this is about Exploiting Misuse of Python's "Pickle", Playing with Pickle Security.
    In this article it is also slow:
    Don't Pickle Your Data:
    Pickle is slow

    Pickle is both slower and produces larger serialized values than most of the alternatives.
    To illustrate this, I put together a simple benchmark comparing pickle to the built-in JSON module, the Apache Thrift library, and MessagePack. This benchmark measures the number of objects per second each of these libraries can read and write. The data being serialized here are just randomly generated fake 'Tweet' objects containing just four fields:

    Pickle is the clear underperformer here. Even the 'cPickle' extension that's written in C has a serialization rate that's about a quarter that of JSON or Thrift. Pickle also produces serialized values that are around double the size of Thrift or MessagePack.


    But what I would pay attention to is this:
    Warning: The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.


    I think it is better to look for another solution.
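    Added example, not code from the answer or from the articles it quotes: one way to act on the warning above when the messages cannot simply be switched to another format yet. It assumes sender and receiver share a secret (SECRET_KEY and SAFE_GLOBALS are constructed placeholders), checks an HMAC-SHA256 tag before any deserialization, restricts the unpickler to an allow-list of globals, and shows the JSON variant the answer recommends with the same framing.

```python
import hashlib
import hmac
import io
import json
import pickle

# Shared secret between the two endpoints. Constructed for this example; a
# real deployment loads it from a secret store, never from the message.
SECRET_KEY = b"example-shared-secret-do-not-reuse"
TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Globals the unpickler may resolve. Plain data (dict, list, str, int, ...)
# is rebuilt from opcodes and never calls find_class, so this stays tiny.
SAFE_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Refuses to import anything that is not on the allow-list."""
    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")

def _tag(payload: bytes) -> bytes:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()

def _verify(message: bytes) -> bytes:
    """Check the tag in constant time before touching the payload at all."""
    tag, payload = message[:TAG_LEN], message[TAG_LEN:]
    if not hmac.compare_digest(tag, _tag(payload)):
        raise ValueError("bad HMAC: message rejected before deserialization")
    return payload

def pack(obj) -> bytes:
    payload = pickle.dumps(obj, protocol=pickle.HIGHEST_PROTOCOL)
    return _tag(payload) + payload

def unpack(message: bytes):
    """Authenticated *and* restricted: both checks have to pass."""
    return RestrictedUnpickler(io.BytesIO(_verify(message))).load()

def pack_json(obj) -> bytes:
    """The 'other solution' from the answer: JSON carries no code at all."""
    payload = json.dumps(obj).encode()
    return _tag(payload) + payload

def unpack_json(message: bytes):
    return json.loads(_verify(message))
```

    The allow-list matters even with a valid tag: a message signed by a legitimate but compromised sender still cannot make the receiver import arbitrary globals.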