I was communicating with my local Python User group, and got an opinion from 
one of the members a lot like this.  Unfortunately I don't have the 
experience to answer effectively.  Here is the response that I got: 

I don't really have time to get into an epic religious discussion but
I'll try and sum it up nicely:

1. Think of exec/eval tools as weird magic best left alone. Regardless
of the complicated arguments, the truth is that simply debugging code
in an exec/eval argument is much harder. It means your variables are
stored in variables of variables. Web framework building is hard
enough without tossing in that sort of complexity.

2. I'm no security expert, but I do know that security experts always
raise the flag on Security-by-JavaScript (cough... facebook...
cough...) and exec/eval statements. If your code ever gets audited by
someone competent and they see exec/eval statements in your underlying
framework they are going to go postal.

3. SQLAlchemy, libcloud, psycopg, flask, Pyramid, Django, Zope,
pygame, scipy, and 99% of the Python world does things as explicitly
as possible. They don't do extra imports for you in their controllers
or modules, which seems like extra work in the short term. In the long
run, you know EXACTLY what is going on in a file - and that counts for
so much.

4. JKM's major rant on reddit was that this behavior defined in point
#1 above makes Web2py different than the rest of the Python world. And
that they are training a breed of new Python developers who expect
different behavior in code than the rest of us. Call me a fanboy (and
employee), but he's right. If you have a problem with Web2py the
majority of the people on this list or any python list will be
crippled in their ability to help you. On the other hand, any of us
can figure out the individual components of flask, SQLAlchemy and
more because it is following the common pattern. So that means while I
may not know much about SQLAlchemy, I can figure out what's going on
inside.
