I would infer that it's insecure, since if it were that easy there wouldn't be various abandoned projects trying to sandbox Python.

It's the curse of any sufficiently useful language. Well, maybe not Lua, but that was specifically designed for embedding. Java also began with that intention back when applets were ahead of their time, though IIRC secure sandboxing is no longer really a feature.

but all those projects also wanted system apis like filesystem and sockets and such.

for me I just want to hijack the interpreter so I don't have to write my own. no imports, no sockets.