Message 112476 - Python tracker

On Mon, Aug 2, 2010 at 10:11 AM, Marc-Andre Lemburg
<report@bugs.python.org> wrote:
..
> Hmm, I just tried the code and it seems that you're right:
>
> The pickle string does not contain a reference to class x,
> but only the name of the function to call. Wow, that's a huge
> hole in Python's pickle system...

That's why we have a big red

"""
Warning: The pickle module is not intended to be secure against
erroneous or maliciously constructed data. Never unpickle data
received from an untrusted or unauthenticated source.
"""

in the docs.
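
Added example, not part of the original message or of CPython's code: it shows that a pickle of an object with `__reduce__` records only the callable to invoke, lists that callable with `pickletools` without loading anything, and rejects it with an `Unpickler` whose `find_class` is restricted. The names `Sample`, `referenced_globals`, `AllowlistUnpickler` and `restricted_loads` are assumptions made for this illustration, and the sample object is constructed.

```python
import io
import pickle
import pickletools

class Sample:
    """Constructed class: __reduce__ names a harmless builtin to call on load."""
    def __reduce__(self):
        return (len, ("abc",))  # the pickle records len and its args, not Sample

def referenced_globals(data):
    """List the module.name callables a pickle imports, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":              # protocols 0-3: arg is "module name"
            found.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":      # protocol 4+: names are on the stack;
            found.append(".".join(strings[-2:]))  # approximated by last 2 strings
        elif isinstance(arg, str):
            strings.append(arg)
    return found

class AllowlistUnpickler(pickle.Unpickler):
    """Refuse every global lookup that is not explicitly allowed."""
    ALLOWED = frozenset()  # (module, name) pairs; empty means plain data only

    def find_class(self, module, name):
        if (module, name) not in self.ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)

def restricted_loads(data):
    return AllowlistUnpickler(io.BytesIO(data)).load()

if __name__ == "__main__":
    blob = pickle.dumps(Sample(), protocol=3)
    print(referenced_globals(blob))      # what the stream asks to import
    print(b"Sample" in blob)             # class name is absent from the stream
    try:
        restricted_loads(blob)
    except pickle.UnpicklingError as exc:
        print("rejected:", exc)
```

`referenced_globals` only reads opcodes; nothing is imported or called until one of the load functions runs.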