The first 3 “hardening” points are not great.

Essentially it’s just: remove .py files an execute del os.environ[“SESSION_TOKEN“]? This doesn’t really sound very secure, there are a number of ways to bypass both of these.

It’s just security through obscurity