Limit the substitution variables to just those named in the source string
One of the things that came up during discussions of PEP 498 and 501 was the idea that not all of locals() and globals() should be exposed in the dictionary used to interpolate into translated strings. What should happen is that the source string is parsed for the substitution variables, and then the dictionary used for interpolation would be culled of any keys not in that list. This would greatly limit the attack vector for translated strings to expose information leaks.
Edited by Barry Warsaw
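The culling step described above, as an added example (not code from this project): it assumes `$name` / `${name}` placeholders as parsed by the standard library's `string.Template`, and the helper names `placeholders`, `cull`, `interpolate` and `unculled`, along with the sample namespace and strings, are constructed for illustration.

```python
from string import Template


def placeholders(text):
    """Return the set of $name / ${name} identifiers found in text."""
    names = set()
    for match in Template.pattern.finditer(text):
        # "$$" escapes and malformed "$" match other groups and are skipped.
        name = match.group("named") or match.group("braced")
        if name is not None:
            names.add(name)
    return names


def cull(source, namespace):
    """Keep only the namespace keys that the *source* string names."""
    wanted = placeholders(source)
    return {key: value for key, value in namespace.items() if key in wanted}


def interpolate(source, translated, namespace):
    """Substitute into the translation using the culled namespace.

    The allowed keys come from the source string, which the developer wrote,
    never from the translated string, which comes from the catalog.
    """
    return Template(translated).safe_substitute(cull(source, namespace))


def unculled(translated, namespace):
    """The behaviour being replaced: the whole namespace is exposed."""
    return Template(translated).safe_substitute(namespace)


# Constructed sample standing in for locals()/globals() at the call site.
NAMESPACE = {"user": "anne", "count": 3, "db_password": "hunter2"}
SOURCE = "$user has ${count} new messages"
# Constructed catalog entry naming a variable the source string never used.
TRANSLATED = "$user a $count nouveaux messages ($db_password)"

if __name__ == "__main__":
    print(unculled(TRANSLATED, NAMESPACE))             # extra variable is filled in
    print(interpolate(SOURCE, TRANSLATED, NAMESPACE))  # extra placeholder stays literal
```

With culling, a placeholder that appears only in the translation is left unexpanded in the output, which also makes a tampered or mistaken catalog entry visible.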