Marshal.load is not documented to be dangerous
Marshal.load is incredibly powerful, and also incredibly dangerous.
Unfortunately, many developers use it inappropriately and unmarshal user input. This can lead to a wide range of vulnerabilities, including remote code execution.
Marshal.load should be documented as dangerous and the documentation should also mention that it should only be used on trusted data.