Comment 2 for bug 1753870

- (ayrx) wrote :

While this report directly addresses the two areas where a user of Calibre can be potentially tricked into directly triggering a malicious pickle, there is a very dangerous pattern of using pickle throughout the entire codebase. This should be modified in favour of safer serialisation methods like JSON.
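The difference between the two formats, as an added example that is not part of the comment above and is not Calibre code: a pickle stream can name a callable for the loader to import and invoke, while a JSON parser can only build plain data. The names `Prefs`, `callables_referenced` and `load_prefs` and the sample inputs are hypothetical, and the scanner is an inspection aid, not a safe-loading filter.

```python
import json
import pickle
import pickletools

class Prefs:
    """Constructed sample: unpickling calls whatever __reduce__ names (benign len here)."""
    def __reduce__(self):
        return (len, ("abc",))

# Constructed inputs; neither blob is ever passed to pickle.loads().
PLAIN = pickle.dumps({"font_size": 12}, protocol=4)
SAMPLE = pickle.dumps(Prefs(), protocol=4)

def callables_referenced(blob):
    """Return the 'module name' imports a pickle stream asks for, without loading it."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(blob):
        if op.name == "GLOBAL":            # protocols 0-3: arg is "module name"
            found.append(arg)
        elif op.name == "STACK_GLOBAL":    # protocol 4+: names are the two strings pushed before
            found.append(" ".join(strings[-2:]))  # heuristic, ignores memo lookups
        elif isinstance(arg, str):
            strings.append(arg)
    return found

def load_prefs(text):
    """JSON replacement: the parser can only build dict/list/str/number/bool/None."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("preferences must be a JSON object")
    return data

if __name__ == "__main__":
    print(callables_referenced(PLAIN))
    print(callables_referenced(SAMPLE))
    print(load_prefs('{"font_size": 12}'))
```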