I don’t know if this is related to the RPG course but @Brian_Trotter has written a comprehensive post about changing the save system to a json-based version. It says ‘ON HOLD’ but check it out anyway.
That being said, the security vulnerability is only really a problem if you are going to have a distributed save. The issue is that malicious code can be injected into a save and executed. If that save only lives on your own machine, you would have to be the one injecting that code and executing it on your own machine. There are a lot of easier ways to break your own machine. This doesn’t mean someone can’t hack your system and do it but again, if they’ve hacked your system you have bigger problems than your game’s save