Some discussions on model security #546
azraelxuemo started this conversation in General
Replies: 1 comment
It used to be convenient to store code (or other state) in the same files as weights.
I just briefly read the source code of safetensors, such a great project.
After reading it, I have a question that I would like to discuss.
A model is just many matrices, and matrices are only numbers, int or float.
You can check the model file format of safetensors, which only contains data, so why do other formats like ckpt need to use unsafe serialization and deserialization methods?
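The contrast the question draws, as an added example that is not part of this discussion or of the safetensors project: a minimal writer and bounds-checking reader for the safetensors layout (8-byte little-endian header length, JSON header with dtype/shape/data_offsets, then raw tensor bytes), next to a scan that lists the imports a pickle would perform without executing it. DTYPE_SIZE covers only a few dtype codes, and build_safetensors, parse_safetensors, validate, pickle_globals and SAMPLE_PICKLE are names chosen here.

```python
import collections, json, math, pickle, pickletools, struct

DTYPE_SIZE = {"F32": 4, "F16": 2, "I64": 8, "U8": 1}  # subset of the dtype codes safetensors headers use

def build_safetensors(tensors):
    """{name: (dtype, shape, raw_bytes)} -> 8-byte LE header length, JSON header, then tensor bytes."""
    header, buf = {}, bytearray()
    for name, (dtype, shape, raw) in tensors.items():
        header[name] = {"dtype": dtype, "shape": shape, "data_offsets": [len(buf), len(buf) + len(raw)]}
        buf += raw
    hjson = json.dumps(header).encode("utf-8")
    hjson += b" " * (-len(hjson) % 8)  # space-pad the header to 8-byte alignment
    return struct.pack("<Q", len(hjson)) + hjson + bytes(buf)

def parse_safetensors(blob, max_header=100_000_000):
    """Parse without trusting the header: every offset is checked against the buffer and dtype*shape."""
    n = int.from_bytes(blob[:8], "little")  # header length; a short blob fails the bounds check below
    if n > max_header or 8 + n > len(blob):
        raise ValueError("truncated file or header length out of range")
    header = json.loads(blob[8:8 + n].decode("utf-8"))
    data, tensors = blob[8 + n:], {}
    for name, info in header.items():
        if name == "__metadata__":  # optional str->str metadata, not a tensor
            continue
        begin, end = info["data_offsets"]
        expected = math.prod(info["shape"]) * DTYPE_SIZE[info["dtype"]]
        if not (0 <= begin <= end <= len(data)) or end - begin != expected:
            raise ValueError(f"{name}: data_offsets inconsistent with dtype/shape/buffer")
        tensors[name] = (info["dtype"], info["shape"], data[begin:end])
    return tensors  # plain bytes per tensor; nothing in the file was executed

def validate(blob):  # None if the blob parses cleanly, otherwise the error message
    try:
        parse_safetensors(blob)
    except (ValueError, KeyError, TypeError, AttributeError, UnicodeDecodeError) as e:
        return str(e)

def pickle_globals(blob):
    """module.name references a pickle would import, read from the opcode stream without running it."""
    found, strings = [], []
    for op, arg, _ in pickletools.genops(blob):
        if op.name == "GLOBAL":
            found.append(arg.replace(" ", "."))
        elif op.name == "STACK_GLOBAL":  # protocol 4+: module and name were pushed as two strings
            found.append(".".join(strings[-2:]))
        elif isinstance(arg, str):
            strings.append(arg)
    return found

SAMPLE_PICKLE = pickle.dumps(collections.OrderedDict(), protocol=3)  # constructed: even a harmless pickle names a class to import
```

A safetensors reader only has to decide whether some integers fit inside a byte buffer, whereas a pickle reader has to decide which module references it is willing to resolve before it can finish loading.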