Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.
https://exchange.xforce.ibmcloud.com/vulnerabilities/17692
http://www.securityfocus.com/bid/11353
http://securitytracker.com/id?1011586
http://secunia.com/advisories/12795