tyiannak/pyAudioAnalysis

Security Concern: Usage of `pickle` for Model Loading

FlyingFathead opened this issue · 0 comments

I recently started using pyAudioAnalysis for a project and noticed that the package uses Python's pickle module for loading models (specifically in audioSegmentation.py and audioTrainTest.py). Given the inherent security risks associated with pickle, I wanted to raise a concern.

Issues:

  • pickle is known to be insecure when loading data from untrusted sources. It can execute arbitrary code during the unpickling process, posing a significant security risk.
  • For widely used libraries like pyAudioAnalysis, ensuring safe model loading is crucial to protect users from potential vulnerabilities.

Suggestions:

  • Replace pickle: Consider replacing pickle with a safer alternative like joblib or json for model serialization and deserialization.
  • Documentation: In the interim, clearly document the security risks associated with using pickle and advise users to handle model files from trusted sources only.

I appreciate the work that has gone into developing pyAudioAnalysis and hope this feedback helps in making it even more robust and secure.

Thank you for your consideration.
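One defensive pattern for the loading side this issue describes, as an added example that is not code from pyAudioAnalysis: a `pickle.Unpickler` subclass that resolves only allowlisted globals, combined with a SHA-256 check so a model file is unpickled only when it matches a known-good digest. The allowlist contents, the sample model dict and the use of `datetime.date` as a stand-in for an unexpected global are assumptions for illustration.

```python
import datetime
import hashlib
import io
import pickle
from collections import OrderedDict

# Globals the unpickler may resolve. This allowlist is an assumption for the
# demo; a real model file needs its own list (e.g. the estimator classes used).
ALLOWED_GLOBALS = {("collections", "OrderedDict")}

class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist."""
    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"global {module}.{name} is not allowed")

def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def safe_loads(data: bytes, expected_sha256: str):
    """Check the digest against a known-good value, then unpickle restrictively."""
    if sha256_of(data) != expected_sha256:
        raise ValueError("model digest mismatch; refusing to unpickle")
    return RestrictedUnpickler(io.BytesIO(data)).load()

def demo() -> dict:
    # Constructed sample model: feature means/stds and class names.
    model = OrderedDict(mean=[0.1, 0.2], std=[1.0, 1.5], classes=["speech", "music"])
    blob = pickle.dumps(model)
    results = {"ok": safe_loads(blob, sha256_of(blob)) == model}
    try:  # tampered or unknown file: digest fails before any unpickling happens
        safe_loads(blob, "0" * 64)
        results["digest_rejected"] = False
    except ValueError:
        results["digest_rejected"] = True
    # A pickle referencing a global outside the allowlist (datetime.date here,
    # a harmless stand-in for anything unexpected) is rejected by find_class.
    other = pickle.dumps(datetime.date(2024, 1, 1))
    try:
        safe_loads(other, sha256_of(other))
        results["global_rejected"] = False
    except pickle.UnpicklingError:
        results["global_rejected"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The digest check only helps if the expected value is distributed separately from the model file (for example, pinned in the loading code or a signed manifest), and the allowlist still has to be reviewed whenever the model format changes.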