Potential remote code execution due to embedding of old django-piston

    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report.

      The exposed (atlassian) API for forum_modules, found under forum_modules/atlassian/api, bundles an outdated version of django-piston that lacks the fix for a remote code execution bug: emitters.py calls yaml.load instead of yaml.safe_load (on line 412).
      Whilst it appears that the yaml module is not available on the production or staging instances of answers.atlassian.com, this bug should still be fixed.
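      As an added illustration, not code from this report or from django-piston, the following shows the pattern the report describes beside its hardened form. It assumes PyYAML is installed; the two input documents are constructed here.

```python
import yaml

# Constructed sample documents. PLAIN_DOC is an ordinary payload such as an
# API client might send; TAGGED_DOC carries a Python-specific tag that only the
# full (unsafe) loader will honour.
PLAIN_DOC = "title: hello\ntags: [a, b]\n"
TAGGED_DOC = "handler: !!python/name:builtins.len\n"


def unsafe_emitter_load(text):
    """The pattern the report flags: yaml.load with the full loader
    constructs arbitrary Python objects from tagged nodes."""
    return yaml.load(text, Loader=yaml.Loader)


def safe_emitter_load(text):
    """Hardened form: safe_load only builds plain scalars, lists and dicts
    and raises on any tag it cannot construct."""
    return yaml.safe_load(text)


def rejects_python_tags(text):
    """True when the hardened loader refuses the document outright."""
    try:
        safe_emitter_load(text)
    except yaml.YAMLError:
        return True
    return False


if __name__ == "__main__":
    print(safe_emitter_load(PLAIN_DOC))          # {'title': 'hello', 'tags': ['a', 'b']}
    print(rejects_python_tags(TAGGED_DOC))       # True
    # The unsafe loader resolves the tag to the live builtin, not a string.
    print(unsafe_emitter_load(TAGGED_DOC)["handler"] is len)  # True
```

      Both loaders agree on untagged input; only safe_load refuses the tagged document instead of resolving it to a Python object.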

              Assignee:
              David Black
              Reporter:
              David Black
              Votes:
              0
              Watchers:
              3