With all respect to the developer (could be a nice guy) if you really need to give something for free give the source code of the web application it self, what you basically did is wrap up a webpage on an exe *of course it doesn't have a virus but still unsafe* and you are collecting private api keys from people, this application doesn't communicate directly with the exchange, it connects to your server first and that is very obvious.

Sorry again, I am just giving a headsup because you are not a prophet so I cannot trust you enough, I trust only what I can see and compile or run on my own server or computer without it using your server.

Regards