Hacker News
by ethbr1 771 days ago
To me, it feels like an abuse of "you shouldn't be doing that"-ism.

A serializer should generate a sane serialization of whatever I throw at it. Or at least have an option that allows me to force that.

If I then choose to send that serialization somewhere unreasonable, that's on me.

In my case, I was hacking in C#-on-top-of-another-environment, so didn't have full access to reimplement stuff, without jumping through additional hoops.

That said, absolutely agreed on de-serialization, as larger opportunities for footguns abound.