Using a service account
The recommended best practice is to never release to the public any integration that uses hardcoded service accounts.
Service input validation
The Python SDK doesn't enforce input validation or sanitization for any of the endpoints it exposes.