I used this script on a hosting site and didn't know about the security issues. My site was turned into a phishing site twice. The last time was 2 days ago. I had to get my hosting provider to completely remove the site and domain name. Then set up a new account with a new domain name.
It is irresponsible of you to keep this script going and not fix the security issues.