The public subscription server is not using HTTPS, besides the default HTTP method is GET. It can be easily MITM attack and cause user's credential leak.
This repo is not using any encryption with user's password, it can be stolen by malwares easily.
Maybe you can consider:
Using nginx/caddy to provide HTTP service with reliable HTTPS, using this repo as an upstream.
Provide user graphical interface (web page frontend) for user. In this way you can change GET method to POST to ensure the security. (Credential information should not using GET method to submit)
Implementing master-key mechanism or not saving password to protect user's password.
Here are potential problems:
Maybe you can consider: