[Embedded Python] Security?

Started by June 20, 2011 08:42 PM
2 comments, last by PAndersson 13 years, 8 months ago
The game I'm working on has several elements that I would prefer to implement using a scripting language, as they are the type of things that may need A LOT of 'tweaking' in order to have the desired effects as well as be modular. Several of them are also of the type that users are most likely to want to mod and share, and this brings me to my question.

How secure is Python for this kind of thing? I have embedded Python in the project, but not written or exposed all the functions that it will need. I originally picked it as it's one of the few languages suitable for scripting that I have previous experience in, but Python is a rather powerful language; and I would hate to think what could happen if a user downloaded a mod without caution from someone with malicious intent, and had the game run the scripts in it.

Is there any way to prevent Python from accessing files outside a certain directory? Or block certain modules entirely? I'm not so far along that it would hurt excessively to throw Python out for something else, but I would prefer to keep it; and any replacements would have to be suitable for writing complex (though not necessarily demanding) behaviours in.

Or do I worry about this too much? It's not like the game will require higher access privileges to run...

Python isn't designed to be sandboxed, and it's very hard to do even if you know Python very well, so really it's not ideal for what you want to do.

I'm not an expert, but from what I've read here and on Google, it's essentially impossible to sandbox Python.

Usually, Lua is recommended instead. It is a language designed for game scripting so it is lightweight and has good sandboxing support already.
I trust exceptions about as far as I can throw them.

All right, it was as I feared. Though I do wonder a bit about Lua, as far as I know it allows you to pass functions around like variables; but is it safe to send them into the core of the game and then have the game call it at an indeterminate time later? Does it support passing around 'argument sets' (in the form of tuples or something) and calling functions with them, from within a script or the game itself?

Or maybe I care too much about it? Any Python code executed on a user's machine would have to be one that they sought out (or noticed on a forum or other source) and explicitly downloaded and installed...
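
The following example is added here and is not from any poster in the thread: it loads a mod into a whitelisted Lua environment, lets the mod register a function for the host to call later, and calls that function with a stored argument set. It assumes Lua 5.2 or later (Lua 5.1 would use `setfenv` instead); `on_event`, `load_mod`, `fire` and the sample mod text are hypothetical names constructed for illustration.

```lua
-- Added example, not code from the thread. Assumes Lua 5.2+.
-- MOD_SOURCE is constructed sample input standing in for a downloaded mod file.
local MOD_SOURCE = [[
  local hits = 0
  on_event("damage", function(target, amount)
    hits = hits + 1
    return target .. " takes " .. math.floor(amount * 1.5) .. " (hit " .. hits .. ")"
  end)
  -- Record which dangerous globals the mod can see (none should be visible).
  leaked = { io = io, os = os, require = require, load = load }
]]

local handlers = {}  -- callbacks registered by mods, invoked by the host later

local function make_env()
  -- Whitelist: only the names listed here exist for the mod. io, os, require,
  -- load, dofile, debug and package are simply absent from its globals.
  return {
    pairs = pairs, ipairs = ipairs, tostring = tostring, tonumber = tonumber,
    type = type, select = select,
    math = { floor = math.floor, max = math.max, min = math.min },
    string = { format = string.format, sub = string.sub },
    on_event = function(name, fn)  -- hypothetical host API exposed to mods
      assert(type(name) == "string" and type(fn) == "function", "bad handler")
      handlers[name] = fn
    end,
  }
end

local function load_mod(source, name)
  local env = make_env()
  -- Mode "t" rejects precompiled bytecode; env replaces the global table.
  local chunk, err = load(source, "=" .. name, "t", env)
  if not chunk then return nil, err end
  local ok, run_err = pcall(chunk)
  if not ok then return nil, run_err end
  return env
end

local function fire(name, ...)
  local fn = handlers[name]
  if not fn then return nil end
  return pcall(fn, ...)  -- an error inside a mod handler does not reach the host
end

local env = assert(load_mod(MOD_SOURCE, "sample_mod"))
local args = { "orc", 10 }  -- an "argument set" kept as a plain table
print(fire("damage", table.unpack(args)))
print(fire("damage", table.unpack(args)))  -- closure state persists between calls
for k, v in pairs(env.leaked) do print("leaked:", k, v) end  -- prints nothing
```

A whitelist like this only limits which names a script can reach: it does not bound CPU time or memory, and string methods stay reachable through the shared string metatable even though the `string` table given to the mod is trimmed.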
