The package is no longer maintained and includes potential security
vulnerabilities (a use-after-free and several crashes) that are known
and not fixed in the version present in nixpkgs. They don't look too bad
judging from the trigger vectors mentioned in the changelog, but with
the project going unmaintained one of them becoming a security
vulnerability would likely not be noticed.