To expand on this point, I see Rust as a potential usability gain here, much more than the security aspect.
I think the argument to use Rust for CPython here would be much stronger if we could see standard_b64encode implemented in a way that takes advantage of Rust’s RAII to reduce the book-keeping we have to do in the C code right now.
Without a “Rust API” here for writing these extensions, this becomes purely a security argument (that I find fairly unconvincing at some level). If standard_b64encode was returning a Result and we were able to use ? and all this other stuff with a wrapper that did “the right thing” that would be, at least to me, much more interesting
EDIT: though a point against this being easy might be the memory allocation story here… though the error allocation failure paths are about allocation failures in the Python arena, not sure if that means we really have no stack left over. Still think it’s worth proving the point that this has ergonomics improvements, because that feels like a pretty big deal all things considered!