by crdoconnor 3725 days ago
You don't need most of those features. A pared down YAML with the cruft removed (implicit typing, flow style, tag tokens, node anchor & references) is actually pretty simple as well as less "gotcha-y".

Sure, but most language YAML parsers support all or most of the spec. That can be a problem if you aren't expecting it.
I believe it has even created security issues. Didn’t Rails have at least one YAML-based vuln?
You need to restrict YAML to SecureLoad, manually adding the allowed types and classes.

At least Perl doesn't support this, so it's inherently insecure there, but you can always use YAML::Syck which didn't go this way.
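
An added example, not part of the thread: the allow-list approach described in the reply above, shown with Ruby's standard Psych library. It assumes the "SecureLoad" mentioned there corresponds to `YAML.safe_load`; the `Account` class, the `load_untrusted` helper and the sample documents are constructed for illustration.

```ruby
require "yaml"

# Constructed application class, used only to show an allow-listed type.
class Account
  attr_reader :name
end

# Parse untrusted YAML with Psych's safe loader. Only core scalar and
# collection types plus the classes in `permitted` are instantiated, and
# aliases are refused. Returns [:ok, value] or [:rejected, reason].
def load_untrusted(text, permitted: [])
  [:ok, YAML.safe_load(text, permitted_classes: permitted, aliases: false)]
rescue Psych::DisallowedClass => e
  [:rejected, "type not allow-listed: #{e.message}"]
rescue Psych::BadAlias => e
  [:rejected, "alias refused: #{e.message}"]
rescue Psych::SyntaxError => e
  [:rejected, "malformed YAML: #{e.message}"]
end

# Constructed sample documents.
PLAIN   = "name: web\nport: 8080\n"                  # plain strings and integers
TAGGED  = "--- !ruby/object:Account\nname: alice\n"  # tag asks for an object
SYMBOL  = "role: :admin\n"                           # implicit typing to Symbol
ALIASED = "base: &b {a: 1}\ncopy: *b\n"              # anchor plus alias

if __FILE__ == $0
  cases = [
    ["plain",            PLAIN,   []],
    ["tagged, default",  TAGGED,  []],
    ["tagged, allowed",  TAGGED,  [Account]],
    ["symbol, default",  SYMBOL,  []],
    ["symbol, allowed",  SYMBOL,  [Symbol]],
    ["aliased, default", ALIASED, []]
  ]
  cases.each do |label, doc, allow|
    status, detail = load_untrusted(doc, permitted: allow)
    puts format("%-17s %-9s %s", label, status, detail.inspect)
  end
end
```

With an empty allow-list, the tagged object, the implicit Symbol and the alias are all rejected; each is accepted only when the caller names the type explicitly.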