What is Pickle?
Should I use Pickle?
Of course not.
It is insecure. Untrusted pickles can do arbitrary things. For example, this pickle executes arbitrary Python expressions: pickle.loads("c__builtin__\neval\n(c__builtin__\nraw_input\n(S'py> '\ntRtR.")
- It is Python-only: pickles cannot be loaded in any other programming language / environment.
It is schemaless and opaque. See: http://bpaste.net/show/d0UZUSsAHtekA0pDiQzu/
The json module (http://docs.python.org/library/json.html) can handle dicts, lists, ints, floats, strings, booleans, and None. It cannot handle reference cycles, however. (pickle can.)
PyYAML (http://pyyaml.org/) can handle everything json can, as well as having comments inside source data, and reference cycles. However, it defaults to an unsafe pickle-like loader.