Hacker News
by worthless-trash 761 days ago
I thought that deserialization for more 'language' specific serialization has always had dangers.

Python: https://docs.python.org/3/library/pickle.html

Ruby: CVE-2013-0156

I'm sure there is more.

If you're using a serialized format, you get serialized risks.
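
An added example, not part of the comment above: it shows why the linked pickle documentation warns about untrusted input, next to the restricted-globals mitigation that documentation describes. The names `Surprise`, `restricted_loads` and `demo` are hypothetical, and `math.factorial` is a harmless stand-in for any importable callable.

```python
import builtins
import io
import math
import pickle


class Surprise:
    """Constructed sample: __reduce__ lets the stream name a callable to run on load."""

    def __reduce__(self):
        # Harmless stand-in: the stream could name any importable callable here.
        return (math.factorial, (5,))


# Globals the restricted loader is willing to resolve (assumed allowlist).
SAFE_BUILTINS = {"list", "dict", "set", "frozenset", "tuple", "str", "int"}


class RestrictedUnpickler(pickle.Unpickler):
    """Resolve only allowlisted builtins; refuse every other global."""

    def find_class(self, module, name):
        if module == "builtins" and name in SAFE_BUILTINS:
            return getattr(builtins, name)
        raise pickle.UnpicklingError(f"global '{module}.{name}' is forbidden")


def restricted_loads(data):
    """Drop-in replacement for pickle.loads that applies the allowlist."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo():
    blob = pickle.dumps(Surprise())
    # Plain loads() calls the named callable; the result is its return value,
    # not a Surprise instance.
    plain = pickle.loads(blob)
    try:
        restricted_loads(blob)
        blocked = None
    except pickle.UnpicklingError as exc:
        blocked = str(exc)
    # Pure data needs no globals, so it still loads under the allowlist.
    data_only = restricted_loads(pickle.dumps({"a": [1, 2, 3]}))
    return plain, blocked, data_only


if __name__ == "__main__":
    print(demo())
```

The allowlist narrows what a stream can reach but does not make pickle a safe format for untrusted input; a data-only format such as JSON avoids the callable lookup entirely.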