Thanks for sharing, I completely agree. I mentioned this in the README on pythonloc a week or two ago but forgot to add it to this blog post. I just updated it today with that concern.
I think that is one of the main use-cases of __pypackages__: to (easily) install some things from the internet and make sure your environment is reproducible. If you aren’t certain which packages are being used, you can’t be certain the environment is reproducible.