I've used both languages in one capacity or another recently, and my personal preference would be Lua. Both languages are comparatively easy to write in, but Lua seems to lend itself better to embedded scripting, whereas python is utterly fantastic for standalone scripts/tools/anything running under the OS/shell scripts rather than trying to plug into a game. 
For background I've been writing game code (not mods, it's a mix of gameplay scripting, tools, and engine code) with a games company for several years now, and we've found that lua is:
 - Quicker for existing C/C++ programmers to learn than Python
 - Lower memory footprint (as mentioned before)
 - Can have a much more predictable garbage-collection profile. It's subtle but I've seen more minor framerate spikes & stutter when using python code than Lua, that being said the majority of it can be mitigated with smart code in either language.
 - Relatively easy to edit for less technical designers, at least for basic tasks.
 
One big problem in either language though - debugging & profiling. How is stardock planning to handle this? and are modders going to get access to the tools? I'm sure we've all tried writing complex code without a debugger before (and probably dumped mountains of trace statements in to find out where things are going wrong), but it's *always* a pain - time spent to invest in at least a simple lua debugger is very well worth it, even if it's only to connect after hitting a breakpoint/error (or be an in-game UI) and examine the current state.
 
And to the people requesting that C++ is used, do you *really* want to be in a situation where a rogue/malicious mod has the full privileges of the game to do things to your system? It's very hard to properly sandbox native code - possible, but hard, and is it really worth Stardock spending time on that for this game, rather than spending time on the game itself? Whether intentionally or accidentally mods written than way would be far more likely to corrupt/crash the game, or play merry hell with your system - I'd much prefer a nice isolated scripting language that has absolutely no way of calling outside it's well defined API, and doesn't have opportunities for all the funky pointer math that could screw up said sandbox.