The Plugin never checks if the persistent key has been changed and continues to use it even if it is not a secure one.

I wrote all the details of this issue in my private project due to the sensitivity of information. @sirAndros and @shuffle-c are added as collaborators.