Although there are no obvious points of attack, vulnerabilities may never be ruled out. To report a security vulnerability, please go to Issues -> New -> Report a security vulnerability.
You should receive a first response within 48 hours. If for some reason you don't get a reply within a week after reporting, please contact the maintainer directly via PGP-encrypted email. You can find the public key on keys.openpgp.org.