
Author: barry
Recipients: alex, barry, docs@python, techtonik
Date: 2013-11-28 21:12:58
Message-id: <20131128161259.14035dea@anarchist>
In-reply-to: <1385668836.92.0.438028135116.issue19824@psf.upfronthosting.co.za>

Content:
A few notes about flufl.i18n's style.  We chose this (extracted from the GNU
Mailman project) because $strings are *way* less error prone for translators
than %s strings, especially when you consider that some languages change the
order of placeholders.  The automatic extraction of substitutions from locals
and globals (under the hood, via the sys._getframe() hack) was critical to
making the source code readable, by avoiding not just duplication, but
triplication of names.

There is a potential security hole though - a malicious translator with access
to the source could analyze the local and global context in which the
translation+substitution is being made, and craft a gettext catalog that adds
some new substitutions that expose sensitive information.  Given that most
translations get little scrutiny, this could be used as an attack vector for
users of some languages (though not English, since it's typically the source
language and thus not translated).

We've decided to accept the risks in exchange for the huge convenience.  We've
never seen such an attack and if we did, we'd address it in the code by
manipulating the globals and locals to avoid the possibility of a leak.  (We'd
also learn to never trust the translators that added the hack.)
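The following is an added illustration of the two points made in the message above; it is not code from flufl.i18n, GNU Mailman or CPython. It models the convenience mechanism in a few lines (translate the source string through a catalog, then fill `$placeholders` from the caller's locals and globals via `sys._getframe()`), shows how a catalog entry that introduces a placeholder the source string never had can pull a sensitive local into the output, and then shows the two defensive measures a maintainer could apply: a catalog validation check that rejects such entries, and a hardened lookup that only ever substitutes the placeholders present in the untranslated source string. The catalog contents, the `secret` local and all function names are constructed for this example.

```python
import sys
from string import Template

# Constructed catalog. The second entry is the kind of translation the
# message warns about: it adds a "$secret" placeholder the source lacks.
CATALOG = {
    "Welcome, $user": "Bienvenue, $user",
    "Your request was denied": "Votre demande a ete refusee ($secret)",
}


def placeholders(text):
    """Return the set of $name / ${name} placeholders in a template string."""
    return {
        m.group("named") or m.group("braced")
        for m in Template.pattern.finditer(text)
        if m.group("named") or m.group("braced")
    }


def _caller_namespace(depth):
    """Locals layered over globals of the frame `depth` levels up the stack."""
    frame = sys._getframe(depth)
    namespace = dict(frame.f_globals)
    namespace.update(frame.f_locals)
    return namespace


def naive_(source):
    """The convenient form: every name visible to the caller is substitutable,
    so whatever placeholders the *translated* string contains get filled."""
    translated = CATALOG.get(source, source)
    return Template(translated).safe_substitute(_caller_namespace(2))


def validate_catalog(catalog):
    """Defensive check: map each source string to the placeholders its
    translation introduces that the source does not have. Empty dict == clean."""
    problems = {}
    for source, translated in catalog.items():
        extra = placeholders(translated) - placeholders(source)
        if extra:
            problems[source] = extra
    return problems


def safe_(source):
    """Hardened form: only the source string's own placeholders are looked up
    in the caller's namespace, so a translation cannot widen the exposure."""
    translated = CATALOG.get(source, source)
    allowed = placeholders(source)
    namespace = _caller_namespace(2)
    mapping = {name: namespace[name] for name in allowed if name in namespace}
    # safe_substitute leaves any unexpected "$name" untouched instead of raising.
    return Template(translated).safe_substitute(mapping)


def denied_naive():
    secret = "hunter2"  # constructed sensitive local; never meant for output
    return naive_("Your request was denied")


def denied_safe():
    secret = "hunter2"  # same local, hardened lookup
    return safe_("Your request was denied")


def welcome_safe():
    user = "alice"  # a placeholder the source string legitimately has
    return safe_("Welcome, $user")


if __name__ == "__main__":
    print("naive:", denied_naive())        # leaks the local into the message
    print("safe: ", denied_safe())         # "$secret" left as literal text
    print("ok:   ", welcome_safe())
    print("catalog problems:", validate_catalog(CATALOG))
```

`validate_catalog` is the check to run at catalog build or load time, before a translation ever reaches users; `safe_` is the runtime fallback that bounds what a translation can reach even if an unvalidated catalog slips through. Together they implement the "manipulate the globals and locals to avoid the possibility of a leak" remedy the message describes, without giving up the `$placeholder` style.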