This is a minor issue but it's been bugging me for months.
1) When I click to download the new PT version in the popup when PT starts, I get directed to a HTTP (unsecured) site in my browser. I then change http:// to https:// in the address bar and end up at the HTTPS PokerTracker site (secure). However, when I then click to download the EXE file, I'm still redirected to HTTP because your ptrackupdate.com server doesn't seem to have HTTPS enabled.
2) The EXE program file is digitally signed using SHA-1 hash. SHA-1 has been broken a couple of years ago using <$100K worth of cloud computing.
These are not big problems, AFAIK hackers are not going around faking SHA-1 signatures, but considering how cheap this has become and how rich targets poker players are, I think fixing this problem is cheap and has unlimited upside in the years to come. Fixing either of these issues will fix the whole problem and all it takes is a SSL certificate