[d-z-m]

> using a model from a place like Huggingface means the author of the model can execute any code on your machine

To my knowledge this is only a problem if the model is serialized/de-serialized via pickle[0].

[0]: https://huggingface.co/docs/hub/en/security-pickle

[hehdhdjehehegwv]

The fact that pickle even exists is fundamentally wrong to start with. They should not be permitted as a distribution format, period.

[1oooqooq]

it's pretty neat and functional if you are the one writing the code. you can do things like "hibernate" with zero developer cost.

[wildzzz]

That's what it's used for in a major application I use on a daily basis. The entire config for the application is saved off in a pickle binary file and then loaded at whim. Makes it super easy to backup and transfer configs to compatible systems rather than saving everything to a database. One time we were trying to get the system to do something it was not designed for but was probably capable of. Eventually someone got it working on one of the two identical systems we have through a lot of trial and error. Rather than two people sitting on the phone all day comparing hundreds of settings, we just grabbed the pickle file and emailed it over and had it instantly working.