... As the blog entry goes on to point out, namedtuple is implemented by generating and exec'ing code for the classes it creates. I have a natural developer's distrust of exec, but as Raymond pointed out in a recent talk: execing code is not a security risk, execing untrusted code *is*. ...
http://www.voidspace.org.uk/python/weblog/arch_d7_2011_05_28.shtml#e1215
