Why are libraries shipped separately instead of bundled with every program?
On top of the advantages you mentioned (security, packaging, features), I can think of some more:
Someone who would find the functionality useful for another program would not need to do the work of splitting it away. That is if she even knows if the functionality exists in your project in the form of a library in the first place. This depends on how well it's designed... if your project is modular enough.
In the case of this being useful for other projects, this would reduce the size of disc usage in general (e.g. only one copy of the code).
This would improve the quality of your code, forcing you to do some (much-needed) refactoring. As in the first point above, this also depends on the quality of your code.
Increasing the number of users of the library (if it's split away) would help make it more generic, which will likely improve it's quality as well.
Yet another answer, but one I consider to be the most important (just my own personal opinion), though the others are all good answers as well.
Packaging the lib separately allows the lib to be updated without the need to update the application. Say theres a bug in the lib, instead of just being able to update the lib, you'd have to update the entire application. Which means your application would need a version bump without its code even having changed, just because of the lib.
While advantages are obvious, ease of deploying seems to be the main argument for shipping library together with program in your case.
Here's some more arguments against bundling:
In Linux, it's the distribution maintainer's job to ensure that your library works well with its dependencies. Most users will in any case download the library using the distribution's package manager. Those who are using trunk usually will not mind spending time on configuring the library anyway.
In Windows and Mac OS, Python package managers like pip are usually used anyway, since installing libraries by hand is cumbersome.
There have even been arguments about hard-deploying to Google app engine, but not all web frameworks run on it. Many even require porting, disk space for libraries is limited, and it's web application hosting after all! It's unlikely for web application to use symbolic maths.
Nobody prevents you from displaying clean error messages if the dependency isn't available or has the wrong version.
People often hate it when the program considers itself more clever than they are. Let users take care of their own system.