I didn't realize that the software allows remote upload of the configuration file in the default configuration... Ouch.
I have set the port to read only and changed it to a different number.
It may be a good idea to advise users in the next version of the readme file that such an exploit exists...
Thanks,
Ok, I'll add a warning in next update, in both readme and miner itself.