Loading the tokens from an alternative file format such as JSON would be safer, given the intended use-case of an agent that can write to the file system. In theory someone using goex with their agent could be prompt injected and the agent could try to overwrite the token.pickle file with an arbitrary python code (unless properly sandboxed).
Note that pickle is not secure (see https://docs.python.org/3/library/pickle.html) and can lead to remote code execution:
https://github.com/ShishirPatil/gorilla/blob/a3e7b2c2a65a4d21c44a144b8cc7c0bc7ab8c7eb/goex/function/slack_read_messages.py#L13
Loading the tokens from an alternative file format such as JSON would be safer, given the intended use-case of an agent that can write to the file system. In theory someone using goex with their agent could be prompt injected and the agent could try to overwrite the token.pickle file with an arbitrary python code (unless properly sandboxed).