> It sounds like it has some security vulnerabilities that the maintainers aren't taking seriously

It may, and they may or may not, but the author hasn't actually reported any. They're explicitly ignoring the security policy and vagueposting instead.