it seems safer to just use something external and expose only the objects and methods I choose to allow.
This doesn't answer your original question, but I'll suggest it in case it helps... Perhaps you should look at something like Twisted's Perspective Broker. It's hard to wrap your head around, but it allows you to declare certain data types and methods as "callable" by clients of a server. Then your scripting language can be Python, and the clients can run whatever code they want (including removing their own home directories if they really want to :P) but they can't run arbitrary code on your server, only specific functions that you manually mark as "ok" for remote clients to call.
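As an added illustration (not part of this thread, and not Twisted's own code), the following stand-in mirrors the Perspective Broker convention the answer describes: a client message `add` only ever reaches a server method literally named `remote_add`, so anything not given that prefix is unreachable. The class, function and method names are made up for the example.

```python
"""Stand-in for the Perspective Broker allow-list convention (constructed
example, not Twisted's code). PB dispatches a client message 'foo' only to a
server method literally named remote_foo; everything else is unreachable."""
import inspect

REMOTE_PREFIX = "remote_"  # Twisted PB's naming convention for exposed methods


class NoSuchMethod(Exception):
    """Raised when a client asks for a name that was not marked remote_."""


class SandboxedRoot:
    """Server-side object: only the remote_* methods are reachable by clients."""

    def __init__(self):
        self.audit_log = []  # record of every remote call that was dispatched

    # Explicitly exposed: small, bounded operations.
    def remote_add(self, a, b):
        return a + b

    def remote_echo(self, text):
        return text[:64]  # bound the size of what goes back to the client

    # NOT exposed: no remote_ prefix, so no client message can reach it.
    def delete_everything(self):
        raise RuntimeError("must never be reachable remotely")


def exposed_methods(obj):
    """Names a client may call, derived solely from the remote_ prefix."""
    return sorted(name[len(REMOTE_PREFIX):]
                  for name, _ in inspect.getmembers(obj, inspect.ismethod)
                  if name.startswith(REMOTE_PREFIX))


def dispatch(obj, message, args=(), kwargs=None):
    """Route one client message: prefix the name, look it up on the object,
    refuse anything that does not resolve to an exposed method."""
    kwargs = kwargs or {}
    if not isinstance(message, str) or not message.isidentifier():
        raise NoSuchMethod(repr(message))  # rejects '', dotted paths, etc.
    method = getattr(obj, REMOTE_PREFIX + message, None)
    if method is None or not callable(method):
        raise NoSuchMethod(message)
    obj.audit_log.append(message)
    return method(*args, **kwargs)
```

Note that a client sending `remote_add` or `__class__` as the message name also fails: the prefix is always prepended server-side, so the client cannot name the underlying attribute directly.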