Is this a compliant solution for CWE-369?

Hi @JamesParrott, I agree that we shall not act as a "tick-box exercise". If the Python secure coding comes across as such, then we will have to change.

At the moment I don’t see any alternative to what we do. Most secure coding documentation is based on lengthy lists of references without actual working code, basically getting away with concepts that do not provide any hard proof. We obviously only post questions here for content that is questionable in the first place; your feedback is very welcome.

We might need to create a parking area in our guide for questionable rules.