Exploitable Python Functions [closed]

Published 2019-03-08 20:00

This question is similar to Exploitable PHP Functions.

Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then you have a vulnerability. For instance, a function that executes an SQL query is a sink, and GET/POST variables are sources of taint.

What are all of the sink functions in Python? I am looking for functions that introduce a vulnerability or software weakness. I am particularly interested in Remote Code Execution vulnerabilities. Are there whole classes/modules that contain dangerous functionality? Do you have any examples of interesting Python vulnerabilities?

5 answers
可以哭但决不认输i
#2 · 2019-03-08 20:05

The input function, which evaluates the given string and returns the result, has some restrictions, but still may be exploitable.

贪生不怕死
#3 · 2019-03-08 20:20

Right from the pickle documentation:

Warning

The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
甜甜的少女心
#4 · 2019-03-08 20:26

I tend toward the paranoid when looking for this kind of thing. More so because I tend to do a lot of metaprogramming.

  • most side effect commands (which other posts cover)
    • file manipulation (open, tarfile, zipfile, ...)
    • network calls (urllib2, socket, ...)
    • data serialization/persistence (pickle, shelve, ...)
    • process/thread management (subprocess, os.fork, os.kill, ...)
  • builtins
    • getattr
    • setattr
    • delattr
    • eval
    • exec
    • execfile
    • __import__

And probably others I'm forgetting. I'm also wary of user input going through functions where I'm modifying sys.path, sys.modules, etc.

啃猪蹄的小仙女
#5 · 2019-03-08 20:26

The subprocess module contains nasty functionality which deprecated these ways of executing commands/processes:

os.system
os.spawn*
os.popen*
popen2.*
commands.*

There is also exec, which will execute Python code, and eval, which will "evaluate" an expression and can be used to manipulate variables.

够拽才男人
#6 · 2019-03-08 20:30

eval and exec are the classics. However, open and file can be abused too:

open('/proc/kcore', 'w').write('0' * 1000 * 1000 * 1000)

Then there are the os, sys, subprocess, and dircache modules. Pretty much anything that touches the filesystem or can be used to turn data into executable code (like os.system) is going to be on the list.

As S. Lott pointed out in the comments, writing to the filesystem and executing arbitrary external programs aren't Python-specific. However, they are worth security auditors' consideration. Most of these functions can be safely used without too much concern for security. eval and exec, on the other hand, are great big red flags. Using them safely requires meticulous care.

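The answers above amount to a list of sink functions. As an added example (not from any poster on this thread), here is a small static scanner built on the standard `ast` module that walks a source file, reports every call to one of those sinks, and notes whether all arguments are literals (so no runtime data can reach the sink) or need review. The `SAMPLE` source it scans is constructed for the demo; `request`, `payload`, `expr` and `path` in it are hypothetical names.

```python
"""Static sink finder for the functions this thread lists (eval, exec, pickle,
os.system, subprocess, open, ...).  Added example; SAMPLE below is constructed."""
import ast
# Builtins; input/execfile are Python 2 sinks (in Python 3 input() just returns a str).
SINK_NAMES = {"eval", "exec", "execfile", "__import__", "input",
              "getattr", "setattr", "delattr", "open"}
SINK_PREFIXES = ("os.system", "os.popen", "os.spawn", "subprocess.",
                 "pickle.load", "shelve.open", "commands.", "popen2.")

def _dotted_name(node):
    """'os.system' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None

def _literal_args(call):
    """True when every argument is a literal, so no runtime data reaches the sink."""
    try:
        for arg in call.args + [kw.value for kw in call.keywords]:
            ast.literal_eval(arg)
        return True
    except (ValueError, TypeError, SyntaxError):
        return False

def find_sinks(source):
    """Sorted (lineno, sink_name, args_are_literal) for every sink call in source."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _dotted_name(node.func)
            if name and (name in SINK_NAMES or name.startswith(SINK_PREFIXES)):
                hits.append((node.lineno, name, _literal_args(node)))
    return sorted(hits)

SAMPLE = '''\
cmd = request.args["cmd"]        # constructed: value under user control
os.system("uptime")              # sink, but constant argument
os.system("ping -c1 " + cmd)     # sink fed by request data
blob = pickle.loads(payload)     # sink; never on untrusted input
subprocess.run(["ls", "-l"])     # list of literals, still a sink call
data = open(path).read()         # open is on the thread's list too
'''

if __name__ == "__main__":
    for line, name, literal in find_sinks(SAMPLE):
        print(line, name, "constant args" if literal else "REVIEW: non-literal args")
```

A literal-only call is still worth a glance (the thread's own `open('/proc/kcore', 'w')` has constant arguments), but the non-literal ones are where tainted data can arrive.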