Pyodide and PyScript base on WebAssembly, which is a widely supported standard and describes a memory-safe, sandboxed execution environment. Therefore I don’t really see the potential for security issues.
Pyodide could be potentially vendored along with the docs and it also can work offline. Though it is quite big: the full package is 200+MB in size.
Downloading the console files should be optional, for saving the bandwidth for users with worse internet connections.