Concerns about `-X lazy_imports=none`

I’m having a hard time coming up with a coherent threat model where lazy imports meaningfully affects things. I understand the idea that lazy imports means that someone could swap out a piece of pip at runtime due to a delayed import— but without a delayed import they’re just swapping out a piece of pip the next time pip is invoked. So you’re only potentially affecting situations where pip has lazy imports, and is never invoked again within that environment.

Even then, they could just drop a sitecustomize or a fake python binary or something, that means that you’re only safe if you never invoke Python itself again in that environment, at which point why did you even install something?

Historically Python packaging has not attempted to try and treat a malicious package that a user has chosen to install as being part of the things that are in scope for security considerations (different than just downloading them, etc), because at the end of the day if you’re installing something then there’s not much we can do to meaningfully secure it if the thing you’ve chosen to install is malicious.

I fail to see how lazy imports with pip meaningfully changes anything in that regard. Yes technically it shifts the point of when an attacker gets their code executed forwards a tiny bit, so you could come up with some scenario where it’s technically making the situation less secure— but I’m struggling to think of a situation where that’s actually a realistic case.

10 Likes
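To make the timing shift discussed above concrete, here is an added example (not from the original thread) that uses the standard library's `importlib.util.LazyLoader` as a stand-in for a lazy import: an eager module's body runs at the import statement, a lazy module's body runs at first attribute access, so whatever is on disk at that later moment is what executes. The module names and file contents are constructed for the demo.

```python
import importlib.util
import pathlib
import sys
import tempfile


def import_from(path, name, lazy):
    """Import module `name` from file `path`, eagerly or lazily.

    Eager: the module body executes right here, in this call.
    Lazy (LazyLoader): the spec is resolved now, but the body only executes
    on the first attribute access, reading the file from disk at that time.
    """
    spec = importlib.util.spec_from_file_location(name, path)
    if lazy:
        spec.loader = importlib.util.LazyLoader(spec.loader)
    module = importlib.util.module_from_spec(spec)
    sys.modules[name] = module  # LazyLoader expects the module registered
    spec.loader.exec_module(module)  # deferred when wrapped in LazyLoader
    return module


def run_demo():
    """Return, per import mode, which file version the module body ran with."""
    sys.dont_write_bytecode = True  # no stale __pycache__ between rewrites
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for mode, lazy in (("eager", False), ("lazy", True)):
            name = f"demo_{mode}_mod"  # constructed module name
            path = pathlib.Path(tmp) / f"{name}.py"
            path.write_text("VERSION = 'at-import-time'\n")
            mod = import_from(path, name, lazy)
            # The file changes between the import statement and first use.
            path.write_text("VERSION = 'rewritten-later'\n")
            results[mode] = mod.VERSION  # first attribute access
            sys.modules.pop(name, None)
    return results


if __name__ == "__main__":
    for mode, version in run_demo().items():
        print(f"{mode:5}: module body ran with VERSION={version!r}")
```

The eager module reports `'at-import-time'` and the lazy one `'rewritten-later'`; the window between those two points is the only thing lazy importing adds, which is the gap the post argues is already covered by the next pip or Python invocation.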