Yeah... definitely good to be careful but the switch to safetensors improved the security situation a lot. The ckpt files use pickle under the hood, and it's trivially exploitable. There is a giant warning on the Python docs page even. docs.python.org/3/library/pickle.html
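As an added example that is not part of the post above or of any checkpoint loader: the two defensive checks the pickle docs themselves suggest, applied to checkpoint-style data. A `.ckpt` is (assumed here) a pickled dict of tensors; the danger is that the stream's GLOBAL/REDUCE opcodes can make a plain `pickle.load` import and call any callable. The example scans the raw bytes for such opcodes before loading, and then loads through an `Unpickler` whose `find_class` only resolves an allowlist. The allowlist and the two sample pickles are constructed for the example; a real loader would extend the allowlist with its own framework's tensor-rebuild helpers.

```python
"""Pre-load opcode scan plus a restricted Unpickler for pickle-based
checkpoints. Added example; not code from the original post."""
import collections
import io
import pickle
import pickletools

# Opcodes through which a pickle stream can import a name or call it.
CALLING_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
    "NEWOBJ", "NEWOBJ_EX", "BUILD",
}


def scan_pickle(data: bytes) -> list:
    """Walk the opcode stream without executing it and return
    (opcode_name, arg, offset) for every code-invoking opcode found.
    An empty list means the stream only builds plain containers/scalars."""
    hits = []
    for opcode, arg, offset in pickletools.genops(data):
        if opcode.name in CALLING_OPCODES:
            hits.append((opcode.name, arg, offset))
    return hits


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that resolves only an explicit allowlist of globals.
    Everything else (os.system, subprocess.Popen, builtins.eval, ...)
    raises instead of being imported."""
    # Constructed allowlist: enough for a state-dict-shaped object.
    ALLOWED = {("collections", "OrderedDict")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def safe_loads(data: bytes):
    """Load a pickle through the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_refused(data: bytes) -> bool:
    """True if the restricted unpickler rejects the stream."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Constructed samples. The first is the benign shape a weights file has;
# the second pickles a Counter, whose __reduce__ emits a global lookup
# followed by REDUCE, i.e. the same mechanism an attacker would abuse
# with a dangerous callable instead of collections.Counter.
PLAIN_SAMPLE = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
CALLING_SAMPLE = pickle.dumps(collections.Counter({"a": 1}))

if __name__ == "__main__":
    print("plain sample hits:", scan_pickle(PLAIN_SAMPLE))
    print("calling sample hits:", scan_pickle(CALLING_SAMPLE))
    print("plain loads to:", safe_loads(PLAIN_SAMPLE))
    print("calling sample refused:", load_is_refused(CALLING_SAMPLE))
```

The scan runs first because `pickletools.genops` never executes anything, so it can be applied to a file from an untrusted source before any loader touches it; the restricted unpickler is the second layer for the case where the file has to be loaded at all. Neither replaces moving to safetensors, which has no code-execution path to begin with.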