I think part of the problem is Python, and the use cases. (I am no fan of Python), but having so many batteries included is one benefit; however, I think it is a hindrance, since you have no clue if a module has been updated, or is actively being worked on. Being forced to use PIP is nothing more than what we were doing in the 90s with CPAN or linking C libraries with Tcl (been over 30 years since I did Tcl). ++laugh++ Besides, OOP is overrated, that is why we have STRUCTURES (trolling... take no account).
I do not use Python unless I have to... but when installing via PIP are modules binary or getting compiled on the local machine... talking about the ones that extend Python capability beyond the Python interpreter. Used to be at the monastery of Perl, you would need GCC to compile a few good modules into C code.
And if 2.7 was so bad for security, tell that to a number of network vendors that still only have 2.7 and hard hooks into the services on the boxes.... Meh...