So, we had this: http://lucumr.pocoo.org/2009/3/1/the-1000-speedup-or-the-stdlib-sucks . This demonstrates a rather bad mistake, which probably costs the universe a load of cycles, even when we speak. Now it is fixed, and that's great.
So, which parts of the standard library have you noticed evil?
I expect all responsible people to respond with an error message (if appropriate) and a patch (if superman).
(since this is a different module, placing it in a different answer)
cgitb has some weird threading issues. See this bug report .
Never relate to malice, which can be adequately explained by stupidity.
The rexec module has so many security holes that it is almost useless.