@bot @arcana @guizzy @mischievoustomato Hold your horses, sheesh.
Basically the python pickle is a data serialization format like json, or xml, but it converts any python object into this format, like lists, or dictionaries, or classes and whatnot. Since in python, everything, including code, is an object, then you can also package up code, as in functions that actually execute into a pickle, because functions are just objects like anything else in python.
This can be useful for things like maybe plugins, or for serializing data in one python program and sending it to another over a network, or saving it to disk and loading it back later.
The risk here is that it's easy to use insecurely. Sloppy code can be vulnerable to someone sending malicious code to a program that it knows is expecting a pickle, and that code could then be executed.
Pickles are attractive because they work for absolutely everything, and they are built into the python standard library; every python installation can encode and decode pickles, in just a line or two of code. This saves you a lot of careful thought about writing this sort of thing yourself. It can be a quick and dirty solution that never gets circled back to and done right down the road, and then blow your whole program up if someone discovers this vulnerability.
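Added example, not part of the post above: a sketch of the risk it describes and one mitigation from the Python documentation, restricting which globals an unpickler may resolve. `CallsOnLoad`, `DataOnlyUnpickler` and `safe_loads` are hypothetical names, and the sample pickles are constructed here with a harmless callable (`os.getcwd`).

```python
import io
import os
import pickle


class CallsOnLoad:
    """Constructed sample: its pickle tells the loader to call os.getcwd()."""

    def __reduce__(self):
        # (callable, args): pickle stores a reference to the callable and
        # the unpickler calls it to "rebuild" the object.
        return (os.getcwd, ())


class DataOnlyUnpickler(pickle.Unpickler):
    """Hypothetical hardened loader: refuses every global lookup by default."""

    ALLOWED = frozenset()  # add ("module", "name") pairs your format needs

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(blob: bytes):
    return DataOnlyUnpickler(io.BytesIO(blob)).load()


def demo():
    plain = pickle.dumps({"user": "alice", "scores": [1, 2, 3]})
    crafted = pickle.dumps(CallsOnLoad())

    # Plain loader: the crafted bytes decide what gets called at load time.
    naive_result = pickle.loads(crafted)

    # Hardened loader: plain data round-trips, the crafted pickle is refused.
    data = safe_loads(plain)
    try:
        safe_loads(crafted)
        blocked = False
    except pickle.UnpicklingError:
        blocked = True
    return naive_result, data, blocked


if __name__ == "__main__":
    print(demo())
```

The Python documentation still advises unpickling only data you trust; for input that crosses a trust boundary, a data-only format such as JSON avoids the problem entirely.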