broccoli-closure is vulnerable to man-in-the-middle (MitM). It is possible because it allows to download the requested binary resources via HTTP, which potentially cause remote code execution (RCE) by replacing the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.