This is an excellent and very relevant question. Security of 3rd party modules is indeed an increasingly important question for enterprise software development as well.
One thing is security of the package manager itself. It should download packages over a secure channel (https mostly), validate downloaded packages to make sure there was no tampering either on the host or on the client after downloading but before installing. You must also be careful to enter the right package name if you install a package manually, because install scripts for the package are run with the user you are installing with (often root on Linux), see this research why that is a threat (original website is down at the time of writing this response, articles are here or here).
The other thing is the code you are adding from the installed package. When you add a 3rd party module to your application, you inherently trust the person or organization that made the package. You either want to do that or not, the risk is that you might be adding vulnerabilities to your software through the packages you install. Of course well-known packages probably pose less of a risk, but being well-known and used by many people is by far not a guarantee for the security of a package.
What you can (and should) do as due diligence when adding a new package is checking online whether there are known vulnerabilities. In general, you can use online databases like the NVD for these types of queries, I don't know of such a database specific to Python.
In case of languages like Python or Ruby, you can of course also look at the source code of the package and check it for vulnerabilities. Note though that security code review is tricky business, sometimes it's not easy to spot security flaws.
So the short answer is most packages for Python are probably ok, but using packages from unknown authors can indeed introduce serious vulnerabilities. Also over time, new vulnerabilities may be discovered in old packages, so besides checking a package when adding it to your project, you should also regularly update your 3rd party packages, especially if there are known vulnerabilities (but also if there is none).