This is a tricky one, but I suggest to not send key non-encrypted as done here:
client.cs#L164
It's hard to do an another way, but one would be to force the user to login on the webpage to input their key, and then verify the installation through the client, if needed.
This isn't a Blockland key, it's (intended to be) a single-use time-constrained token to authorize the client. This project has been largely discontinued though.
This is a tricky one, but I suggest to not send key non-encrypted as done here: client.cs#L164
It's hard to do an another way, but one would be to force the user to login on the webpage to input their key, and then verify the installation through the client, if needed.