I think it will stay that way for the foreseeable future (but who can say). Ways to fix the particular hole:

(1) disable creating new `code` objects directly from Python. This probably would break lots of things.

(2) Add a bytecode verification mechanism that would reject `code` objects whose bytecode would result in memory errors when executed. This could be a lot of implementation work; I'm not sure.