Comment # 3 on bug 1227174 from Matej Cepl

Yes, downloading and using pickles from the Internet is certainly a security
issue, and exactly the thing the pickle module documentation warns programmers
not to do (https://docs.python.org/3/library/pickle.html).

However, removing of the network downloading functionality probably requires
refactoring a big chunk of code.

Waiting on upstream for their solution.