Yes, our Python integration code for TurboActivate is a fork of their Python code. And if this were a security risk we would be going through much quicker legal channels than slower, more diplomatic, personal channels with the original authors.
See our Python integration example repository here: https://github.com/wyattoday/python-turboactivate
In short, yes, we take security seriously. This "pip" control is not really about security. It's about ensuring Python is a first-class supported language by us. I get that you want us to do everything for you in less than an hour (including taking control of that pip package, writing a walk through, and helping you debug basic Python concepts), but that's not realistic.
- A Python walk through written by us and published on our site will be coming. We've already told you multiple times it will take at least a month.
- We will be taking over that pip package. We did not give you a timeframe on that (but again, it's not critical -- use our code from our repository).
- And as far as helping you with basic Python programming, we can only provide so much help there. We're not a code academy. You'd be better off following an online Python tutorial or buying a Python book and working through it cover-to-cover.
Also, in the future, you might want to do the bare-minimum of due-diligence before accusing us of not taking security seriously. Google how to follow the "fork trail" of the repository and see the original authors. Or just look at the copyrights in the code. It's easy to find.