
> but it's still a gotcha for the audience this blog post is aimed at.

Would be nice if they had a pointer to the reason, however.




Unless the article was updated after your comment: the reason is right there in the article:

"However, Python does not produce any instructions for assert statements when compiling source code into optimized byte code (e.g. python -O). That silently removes whatever protection against malformed data that the programmer wired into their code leaving the application open to attacks.

The root cause of this weakness is that the assert mechanism is designed purely for testing purposes, as is done in C++. Programmers must use other means for ensuring data consistency."
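An added example, not from the article or any commenter, that shows the mechanism quoted above in-process: `compile(..., optimize=1)` applies the same transformation as running `python -O` (and `optimize=2` the same as `-OO`), so the assert-based validator silently accepts bad data while the explicit `raise` keeps working. The sample source and record values are constructed for the demonstration.

```python
# Added example: an assert-based check versus an explicit check, compiled at
# the optimisation levels that `-O` and `-OO` select. Uses only the builtin
# compile()/exec(); the validator source below is constructed for this demo.

SRC = '''
def check_with_assert(record):
    """Relies on assert: the whole statement is dropped under -O."""
    assert "age" in record and 0 <= record["age"] < 150, "bad age"
    return record["age"]

def check_with_raise(record):
    """Explicit validation: survives -O and -OO."""
    if "age" not in record or not 0 <= record["age"] < 150:
        raise ValueError("bad age")
    return record["age"]
'''


def load(optimize):
    """Compile SRC as the interpreter would at this level:
    0 = plain, 1 = -O (asserts removed), 2 = -OO (docstrings removed too)."""
    namespace = {}
    exec(compile(SRC, "<constructed>", "exec", optimize=optimize), namespace)
    return namespace


def outcome(optimize, func_name, record):
    """Return the exception class name raised for `record`, or 'accepted'
    if the validator let it through."""
    namespace = load(optimize)
    try:
        namespace[func_name](record)
        return "accepted"
    except Exception as exc:  # AssertionError or ValueError, depending on level
        return type(exc).__name__


def docstring(optimize, func_name):
    """The validator's __doc__ after compiling at this level (None under -OO)."""
    return load(optimize)[func_name].__doc__


if __name__ == "__main__":
    bad = {"age": -5}  # constructed malformed record
    for level in (0, 1, 2):
        print(f"optimize={level}: assert -> {outcome(level, 'check_with_assert', bad)}, "
              f"raise -> {outcome(level, 'check_with_raise', bad)}, "
              f"doc kept -> {docstring(level, 'check_with_raise') is not None}")
```

At level 1 the assert-based validator reports `accepted` for a negative age, which is exactly the silent loss of protection the article describes; at level 2 the docstring is gone as well, while the explicit `raise` still rejects the record at every level.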


I would argue that one should never use '-O'; it also strips doc strings from running code. Not really an `optimization`, but they had to do something, right? One couldn't run __unoptimized__ in production, could they?


> I would argue that one should never use '-O' it also strips doc strings from running code.

Python `-OO` strips docstrings, `-O` basically only disables assertions. See: http://stackoverflow.com/a/4777156/459543


>See: http://stackoverflow.com/a/4777156/459543

Or just do "python -h":

-O  : optimize generated bytecode slightly; also PYTHONOPTIMIZE=x
-OO : remove doc-strings in addition to the -O optimizations

Same on both Py 2 and 3.


I assume that almost nobody uses -O in production.


Probably the same folks who don't test their code also remove their assertions in production.


So far as I've ever read, literally all -O does is strip asserts and docstrings. It doesn't really optimise anything.




