Right, but in another comment you talk about serializing querysets, and I'd be surprised if you can guarantee that no other developer will ever put dangerous data in any of the rows in your queryset. That approach would be building a pretty dangerous foot gun.
Just the whole approach gets dangerously close to a big security issue, even if you do it "right".
Just the whole approach gets dangerously close to a big security issue, even if you do it "right".