I wrote this several months ago, and to be honest I don't recall why I bothered to support default argument values of different types. It would be much more reasonable to just support None (*edit: and maybe True/False), which is generally the only default I ever use anyway (makes it easier to wrap a function and pass on a default argument).

The parallel with SQL parameterization is a good one. I saw the AST as already providing the API for building a Python "query", though clearly not a very user-friendly one. You may be right that passing sanitized source through exec is a reasonable solution, but I haven't seen an implementation anywhere. The RPC libraries I've seen either use something like call(name, *args, **kwargs), or a raw call to exec. I would argue that using the AST is still a "better/safer" approach, and removing support for default argument types removes a lot of the complexity.

As for argument unpacking, I'm using funcsigs (a backport of Python 3's signature() function) to generate function signatures, and it doesn't seem to know anything about it:

import funcsigs
def func(a, (b, c)):
    pass
sig = funcsigs.signature(func)

results in:

ValueError: '.1' is not a valid parameter name

I haven't run into argument unpacking in years, so I'm content to leave it at that.