Currently, ast.literal_eval() documentation gives multiple security warranties:

• Safely evaluate
• This can be used for safely evaluating strings containing Python values from untrusted sources

IMO that's plain wrong if you read the following RED WARNING:

It is possible to crash the Python interpreter (...)

The documentation should be rephrased to only described the purpose of the function and make it very clear that it must NOT be used on untrusted sources.

We can follow the phrasing of the pickle documentation: https://docs.python.org/dev/library/pickle.html

The pickle module is not secure. Only unpickle data you trust.

Linked PRs

• [3.9] gh-95588: Drop the safety claim from ast.literal_eval docs. (GH-95919) #126729