Side note: The prior 2.x version had a very, very, very minor exploit that could only be initiated by a logged-in administrator.
Of course, why would an administrator be interested in hacking his own plugin—that’s a thing, apparently. Was never exploited in the wild, nor ever would be (really).
