We currently use yaml.load to read a user-written config file. This can lead to malicious code execution, so we should use yaml.safe_load instead. Found using bandit. Change-Id: I27792f0435bc3cb9b9d31846d07a8d47a1e7679d