The templates used in web2py felt good. Dont know what happened to web2py?

web2py let arbitrary code be called by the client, and its failsafes were full of holes. So it fell out of favour.

That's just nonsense - source?

Handful of open CVEs in Debian. [0]

The brute-forceable admin happened around the time web2py and Django devs started having a few arguments online, like this one [1], which didn't exactly paint web2py in a good light.

[0] https://security-tracker.debian.org/tracker/source-package/w...

[1] https://www.quora.com/Is-web2py-a-good-Python-web-framework

Yes, canvasblocker blocks one kind of fingerprinting. Combined with ublock (or privacybadger) + self destructing cookies and maybe decentraleyes, and a vpn, you are almost there...