They are currently on a separate branch and they are known to break python-openid (and with that Flask-OpenID). I don't have a solution for that yet. If someone is really concerned regarding security you can copy/paste the code into your own project. The session interface in Flask is pluggable for a while already.
I should add that this will not be at all the final implementation for Flask 0.10 in case I want to change that. If the change of the implementation will happen I will make itsdangerous (separate Python module) have a way to serialize the custom objects properly and then add this as a dependency.
They are currently on a separate branch and they are known to break python-openid (and with that Flask-OpenID). I don't have a solution for that yet. If someone is really concerned regarding security you can copy/paste the code into your own project. The session interface in Flask is pluggable for a while already.