What kind of idiot do you have to be to run something downloaded from a torrent network on a local machine without a thorough audit of the code in a sandbox on a machine without critical data? However, the majority of the population are those same fearless idiots who believe in fake "antiviruses" that are completely useless against "zero-day" attacks (and this "zero-day" in reality can last for years and decades, both intentionally - a stash for them or special services, and due to complete ignoring of holes by the authors of the code) and outside the "antivirus" databases.
If you look at it more broadly - any OS/software is a Trojan on your machine with many zero-level holes and no security "updates" will ever save you, because the creators of exploits always win this competition of fake "armor" and projectile. The average person can only hope that he is not surfing the shady sites (although this is an illusory groundless hope) where exploits are being introduced.
The very topic of commercial "certification centers" whose certificates are used as root certificates on billions of gadgets does not stand up to criticism, given the many scandals with them...
Humanity has wandered into the thickets of IT, where a clear hierarchical order of trust does not rule, but complete chaos reigns, and, for the most part, intentional chaos, since in muddy water it is much easier to fish out the data of ordinary people and accumulate it in valuable big data databases...
Against this background, the "holes" with certificates in qBittorrent are simply comical. After all, users of such software a priori don't care about the security of some "certificates" and SSL - what's more important there is fast downloading and maximum available seeds, if you trust the hash file of the .torrent file posted on some file exchanger (tracker) at least as a first approximation, which does not cancel a full audit of the downloaded content immediately after the download is complete - if the user is adequate.
qBittorrent, a popular torrent client, has left a key backdoor open for 14 years. A security measure that began getting skipped back in 2010 is now being re-implemented. There was no word to users about this fix, beyond the usual patch notes.