Oh wow, thanks for finding this and letting me know. I've taken it offline until I can fix it. I'll open-source it tomorrow, read the docs above and see if I can work out a fix.
I'm trying to fix the 2 vulnerabilities that you mentioned. I'm pretty new to this, though, so I'm struggling a little. Is there any chance there's a way I could message you privately to ask a couple of questions?