One thing I often see Django developers do when creating Django forms or Django Rest Framework Serializers is to use the
__all__ shortcut to specify all fields from the Model.
Personally I would remove this as an option as it encourages 2 bad practices IMO.
Firstly this introduces a security risk of leaking information later in the codebase's life. When at a later date a new model field is added, but doesn't want to be exposed to this form then
__all__ leads to this happening more easily.
It is the same reasoning as to why
exclude shouldn't be used on Forms or Serializers.
Secondly, you might think it's a handy shortcut since you are just repeating information. However the list of fields in a Form represent a fundamentally different concept in your app. Model fields declare how data should be stored
in your database, a Form doesn't represent this, but what data a user ought to be inputing into a webpage. These are related but not the same. A quick example of this is agreeing to T&C's, in the database it is often best to store this
as a DateTimeField, where as Form would simply require a checkbox. The same would go for fields that get populated on model