croc maintainer here: like mentioned from the throwaway account above - yes, this is true that there was a recent major vulnerability. [1] It was fixed within a week [2], so I guess it is also true that croc has a history of fixing vulnerabilities, rather quickly. I should hope this means that security is taken seriously.
Anyways, croc is pretty similar to wormhole except that it allows resuming files (which wormhole does not yet [3]) and has some peer discovery for local network transfers. I've been using croc everyday for over three years and I'm still very happy with it. But, you should totally use magic-wormhole if that floats your boat - its a great tool, along with psanford's Go version. That may help me actually as I think croc has too many users on the public relay and the cost of bandwidth is becoming too high to keep the public relay available after this year.
The free hosting from DigitalOcean is for one year and ends on 12/31 this year. After that the public relay will cost me over $70/month (or maybe more, as that's the current cost covered but it continues to grow). I cannot afford that so around that time I'll try to get donations.
Anyways, croc is pretty similar to wormhole except that it allows resuming files (which wormhole does not yet [3]) and has some peer discovery for local network transfers. I've been using croc everyday for over three years and I'm still very happy with it. But, you should totally use magic-wormhole if that floats your boat - its a great tool, along with psanford's Go version. That may help me actually as I think croc has too many users on the public relay and the cost of bandwidth is becoming too high to keep the public relay available after this year.
[1]: https://redrocket.club/posts/croc/
[2]: https://schollz.com/blog/croc9/
[3]: https://github.com/magic-wormhole/magic-wormhole/issues/88