Report a vulnerability to the project's GitHub issues, unless the vulnerability is considered critical. In that case, email me.

• In the open-in-mpv Python script: running a rogue mpv executable (where it is likely a user has a compromised system).
• Anything in the test-open script as this is only for testing for use by developers.
• The lack of a complete uninstaller.