A popular opinion says to not use the pickle class on a data given by user because on deserialization it may lead to the object injection attack and malicious code execution.