tconnectsync doesn't manipulate any pump state and instead just reads data already being sent from the pump to your smartphone via t:connect, so there should be no concern here. There is no back-channel communication from the t:connect servers to the smartphone app and then your pump.
tconnectsync doesn't touch any of the API endpoints that the smartphone t:connect app uses to upload pump data. Even if a malicious user were to decode how that api endpoint works and send fake pump data to it, such that the t:connect website showed e.g. additional boluses or a lower basal rate or something like that, it would only affect the website and not the control:iq algorithm since that entirely lives on the pump.
tconnectsync doesn't manipulate any pump state and instead just reads data already being sent from the pump to your smartphone via t:connect, so there should be no concern here. There is no back-channel communication from the t:connect servers to the smartphone app and then your pump.
tconnectsync doesn't touch any of the API endpoints that the smartphone t:connect app uses to upload pump data. Even if a malicious user were to decode how that api endpoint works and send fake pump data to it, such that the t:connect website showed e.g. additional boluses or a lower basal rate or something like that, it would only affect the website and not the control:iq algorithm since that entirely lives on the pump.