I think removing lazy_imports=none makes sense here.
I was one of the people with a concern about latency, but that can be solved by people that have specific needs of imports having been eager by reifying imports as part of application startup, my use case doesn’t need an interpreter flag.
I think the security side is actually a red herring and the actual root issue here is that pip and other apps like it make assumptions that aren’t safe with or without lazy imports. pip shouldn’t run from the environment it is modifying.
Changing that is a large change to push onto pip, and there are other options that preserve the current security boundary without costing the main gain (such as pip reifying imports prior to processing remote files during install-like commands, but not prior to then, allowing response time to not incur this for things like --help)