uom-se is vulnerable to man-in-the-middle attacks. The library resolves packages via an insecure HTTP channel.