The Segwit2x development team added to the project’s Github repository an implementation allowing BTC1 nodes to be masked, making it more difficult for Core 0.15 nodes to identify them. It is said that, and I quote "this officially makes Segwit2x a Trojan horse as it allows anyone to run 2x nodes in disguise.".

Can anyone explain? Is it a vulnerability of BTC ?