There are currently malicious packages in the Python Package Index (PyPI).
When installing a new package, it is important to make sure that the package name is spelled correctly. Malicious packages hide by using names that are easily mistaken for legitimate ones (e.g. urllib3 vs. urlib3). There has been no reaction from the PyPI developers so far, so this security issue will stay relevant for the time being.
PyPI is frequently used in small Raspberry Pi projects.
Source (German): golem.de