I had missed this, but weights-only is going to be the default for torch.load in Pytorch 2.6:
This is one of those small-sounding changes which requires quite a lot of follow-through to actually land. The default torch.load supports pickled Python code, so allows for arbitrary code execution: very helpful in a lot of cases (hence the many places that need special consideration!), but, particularly these days when many users may be trying models of fairly unknown provenance, a source of ongoing security concerns. Making that behavior an explicit opt-in is a great win for the wider community. HuggingFace have done some good work in this area too with their safetensors project, and having the core safe-by-default is a very welcome addition!