Troubadour I was posting this to get your thoughts on these two ways to further improve security of Python scripts.
I was looking for a secure sandboxing mechanism for Python and I found PyPy.
They are an implementation of the entire Python interpreter except they have designed their version to handle untrusted code safely.
No functionality is removed when compared to standard Python.
They have packages in Debian Jessie.
Obviously not all Python modules have been implemented using RPython or PyPy but they should be compatible. I don’t understand if the normal modules, in standard Python could also take advantage of the hardened PyPy interpreter. Would like a word on that if you understand more about it.
(Where I got the idea. Note that PyPy was recommended as an alternative by the author of a failed approach called pysandbox - which he confessed as having restricted too much functionality but its sandbox still leaky. That was because he tried to implement the sandbox inside the interpreter itself rather than from the outside).
 http://pypy.org/ (PyPy’s many virtues)
 http://pypy.org/compat.html (notes on compatibility with standard Python modules)
Edit by Patrick:
Edit by HulaHoop: