Right now, the service is vulnerable because of its use of unencrypted HTTP channels. Since the transmitted data is actually being executed on someone's computer, it is absolutely necessary to secure the channel in order to prevent MITM attacks and other nasty stuff.

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.