docs do not mention if loading application data from config files is a security risk or not

[metaperl]

In the docs on Traitlets configuration via config files the section does not indicate whether arbitrary or potentially malicious code is prevented from executing in these files.

Are there any security risks involved in using plain Python for traitlets config files?