In Python 2, a call to the input() function, input(prompt) is equivalent to eval(raw_input(prompt)). Evaluating user input without any checking can be a serious security flaw.

Get user input with raw_input(prompt) and then validate that input before evaluating. If the expected input is a number or string, then ast.literal_eval() can always be used safely.

Python Standard Library: input, ast.literal_eval.

Wikipedia: Data validation.