Supply chain attacks on Python, including recent compromises of popular packages and CI workflows, have exposed structural weaknesses in the scientific Python ecosystem. This BoF will bring together library maintainers, downstream users, and security practitioners to discuss practical strategies for securing scientific Python stacks, from core packages (NumPy/SciPy) to domain libraries and analysis workflows. We will share current efforts (e.g., SPEC 8, Trusted Publishing, SBOM generation, GitHub Actions hardening), identify pain points and gaps, and brainstorm actionable steps the community can take over the next year to make scientific Python releases more trustworthy by default. Join us to share your experiences, challenges, and ideas on fortifying our open-source projects against potential threats and ensuring the integrity of scientific research.