PocketWebGames is a small hobby project. The Core2 only runs on a local Wi-Fi access point it opens itself, with no internet access — so the attack surface is essentially "someone on the same room's Wi-Fi". Still, if you find a real security issue, please tell me privately:

• Open a private security advisory on GitHub (Security tab → Report a vulnerability), or
• email marcel.duetscher@gmail.com.

Please don't file a public issue for security problems.

I'll respond as fast as a hobby project allows.