It's in their threat model under 'Module injection':
> The mitigation is to maintain secure access permissions on all directories and package files in search path to ensure unprivileged users do not have write access to them.
Ok, I see. To be honest I read that as "keep your PYTHONPATH sane". I think that's a bit different from worrying about someone having write access to the source, but still related - point taken.
CVE-2008-5983 (https://bugs.python.org/issue5753) "Untrusted search path vuln... prepends an empty string to sys.path when the argv[0] argument does not contain a path separator"