Ditch "safe" as terms that are not "safe" for deserialization are used.

lib/pleroma/captcha.ex

@@ -66,7 +66,7 @@ defmodule Pleroma.Captcha do
 
     with false <- is_nil(answer_data),
          {:ok, data} <- MessageEncryptor.decrypt(answer_data, secret, sign_secret),
-         %{at: at, answer_data: answer_md5} <- Plug.Crypto.non_executable_binary_to_term(data, [:safe]) do
+         %{at: at, answer_data: answer_md5} <- Plug.Crypto.non_executable_binary_to_term(data) do
       {:ok, %{at: at, answer_data: answer_md5}}
     else
       _ -> {:error, :invalid_answer_data}

lib/pleroma/workers/mailer_worker.ex

@@ -9,7 +9,7 @@ defmodule Pleroma.Workers.MailerWorker do
   def perform(%Job{args: %{"op" => "email", "encoded_email" => encoded_email, "config" => config}}) do
     encoded_email
     |> Base.decode64!()
-    |> Plug.Crypto.non_executable_binary_to_term([:safe])
+    |> Plug.Crypto.non_executable_binary_to_term()
     |> Pleroma.Emails.Mailer.deliver(config)
   end