I think the Wesnoth guys came to the conclusion that they could not safely run arbitrary python scripts in their game client because it could not be made secure.
Hm, I don't think it would be too difficult. First thing you would do to head off most problems is limit module imports to only a select amount of modules. Then implement a loop limit based on the module's __maxlooplimit__. Other stuff escapes me at the moment...
Clearly the solution is to separate scripts into headers and implementation. Then we can finally have typesafe NPCs, eleminating a whole class of possible errors. And when you make a change to your system class you have to recompile the whole server.