ibapi is vulnerable to man-in-the-middle (MitM) attacks. The vulnerability exists because it allows downloading of requested executable files via HTTP if there is a privileged network position for the attacker. It can subsequently open up a loophole for remote code execution since the attacker can swap the requested files.