whats HEP?

guessing you might mean contexts where a library was installed as an opaque binary and you can't see the source code of it - questions about whether you can trust it to do what you expect and not something else, etc

guessing those situations might be what you mean by "unholy"?

guessing there could also be another "unholy" can of worms re incompatible licencing in some contexts too.

but I don't think it would only be with python..

wouldn't it be similar for pretty much any context for any language where packages link to binary libaries that are already installed?