zlacker

1. nickps (OP) 2016-05-30 23:21:20
It's hallmarks of a low-assurance software project hacked together to get it working with OSS components. There could be strong review in scripts or C code as the team are talented coders and breakers from what I've read. The minimum in high-assurance security... even medium-assurance... was that every feature was tested for proper behavior during successful execution and failures. Plus, a description of why it's there that traces to a functional or security requirement. That's so evaluators can spot unnecessary code that might be a backdoor or just dead code.

Python for those scripts is questionable, too, as it's too complex to analyze with known principles of security engineering. It should be a 3GL that maps well to hardware with an easy way to spot code-level flaws or automate them out (esp. static analysis). You can abstract it, even macro it, so long as the final code can be subjected to whatever eyeballs or tools are out there with ease. Non-security-critical stuff can be written in something like Python, though.
