pickle
simply isn't secure:
The pickle module is not intended to be secure against erroneous or maliciously constructed data. Never unpickle data received from an untrusted or unauthenticated source.
As such the Celery team has decided that its users need to be explicit that they wish to accept pickled data.