No, according to researchers at Databricks, who discovered significant loopholes. They recommend a series of countermeasures.

PSF is urging its legion of Python users to upgrade systems to Python 3.8.8 or 3.9.2, in particular to address the remote code execution (RCE) vulnerability that's tracked as CVE-2021-3177.

This also caused Picklescan to fail to detect them. After unpacking them, the malicious Pickle files had malicious Python code injected into them at the start, essentially breaking the byte stream.

Pickle is a binary protocol used to unserialize Python object structures. The system is able to unserialize classes and methods, unlike JSON or YMAL.