docs: pickle module security warning link + move user-facing prose

to Python wrapper

Two changes:

* Reference link to the pickle module's official security warning
  in `https://docs.python.org/3/library/pickle.html#module-pickle`.
  Added in the user guide ("Disabling Python UDF inlining" note and
  the Security warning block) and in the Python
  `SessionContext.with_python_udf_inlining` docstring. The
  unqualified phrase "pickle is unsafe on untrusted input" assumed
  reader background that not every datafusion-python user has.

* Strip the user-facing prose docstring from the Rust
  `PySessionContext::with_python_udf_inlining` method. Python
  wrappers are what users see via `help()` and Sphinx; the Rust
  doc-comment duplicated the same text and risked drifting from the
  Python version. Matches the surrounding methods
  (`with_logical_extension_codec`, `with_physical_extension_codec`)
  which carry no Rust doc-comment for the same reason.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: timsaucer

crates/core/src/context.rs

@@ -1408,12 +1408,6 @@ impl PySessionContext {
         })
     }
 
-    /// Toggle inline encoding of Python-defined UDFs on this session's
-    /// codec stack. Disable when producing bytes that must round-trip
-    /// through a non-Python decoder, or when reconstructing bytes from
-    /// an untrusted source via `Expr.from_bytes` (cloudpickle.loads
-    /// will not be invoked on the receiver). Pickle remains unsafe on
-    /// untrusted input regardless of this flag.
     pub fn with_python_udf_inlining(&self, enabled: bool) -> Self {
         let logical_codec = Arc::new(
             PythonLogicalCodec::new(Arc::clone(self.logical_codec.inner()))

docs/source/user-guide/io/distributing_work.rst

@@ -201,7 +201,10 @@ into ``cloudpickle.loads``.
 Note that :py:func:`pickle.loads` itself remains unsafe on untrusted
 input regardless of this setting — an attacker producing the outer
 pickle envelope can execute arbitrary code before the codec ever
-sees the bytes. The toggle only protects the
+sees the bytes (see the
+`pickle module security warning
+<https://docs.python.org/3/library/pickle.html#module-pickle>`_ in
+the Python standard library docs). The toggle only protects the
 :py:meth:`Expr.from_bytes` API surface.
 
 Security
@@ -211,12 +214,14 @@ Security
 
    Reconstructing an expression containing a Python UDF executes
    arbitrary Python code on the receiver — pickle is doing the work
-   under the hood and pickle is unsafe on untrusted input. Only
-   accept expressions from trusted sources. For untrusted-source
-   workflows, disable Python UDF inlining (see above), restrict
-   senders to built-in functions and pre-registered Rust-side UDFs,
-   and avoid :py:func:`pickle.loads` on externally supplied bytes
-   entirely.
+   under the hood and pickle is unsafe on untrusted input (see the
+   `pickle module security warning
+   <https://docs.python.org/3/library/pickle.html#module-pickle>`_
+   in the Python standard library docs). Only accept expressions
+   from trusted sources. For untrusted-source workflows, disable
+   Python UDF inlining (see above), restrict senders to built-in
+   functions and pre-registered Rust-side UDFs, and avoid
+   :py:func:`pickle.loads` on externally supplied bytes entirely.
 
 Query-level distribution via datafusion-distributed
 ---------------------------------------------------

python/datafusion/context.py

@@ -1787,8 +1787,10 @@ def with_python_udf_inlining(self, enabled: bool) -> SessionContext:
           source — ``cloudpickle.loads`` will not be invoked.
 
         ``pickle.loads`` on untrusted bytes remains unsafe regardless of
-        this setting; only the ``to_bytes`` / ``from_bytes`` API is
-        affected.
+        this setting (see the `pickle module security warning
+        <https://docs.python.org/3/library/pickle.html#module-pickle>`_
+        in the Python standard library docs). Only the
+        ``to_bytes`` / ``from_bytes`` API is affected.
         """
         new_internal = self.ctx.with_python_udf_inlining(enabled)
         new = SessionContext.__new__(SessionContext)