> But make sure you pop them from the os.environ dict once you read them to avoid accidental exposure.

I've always accepted this was an attack vector, and some malicious library could extract env vars.

This actually makes a lot of sense, thanks!