mdklatt / cookiecutter-python-app

Cookiecutter template for a Python application project.

Use safe_load() to load YAML config files

mdklatt opened this issue · comments

The yaml safe_load() function prevents the deserialization of complex objects which could be used for arbitrary code execution. While loading config data from untrusted sources is a bad idea in the first place, adding an extra layer of security here won't hurt.

Issue resolved by commit 4c6eb3f.