In case that you discover a security issue, please use this contact for reporting it privately:
Lars Fenneberg <firstname.lastname@example.org>
A PGP key for encrypted communication is available on the usual key servers. The key id is 0xCAF0E5281F46FD85.
While a lot has changed any security vulnerability found in Benji might also be present in backy² from which Benji was originally derived. So you might want to take a look at https://github.com/wamdam/backy2 to see if backy² is also affected. If that is the case please contact Daniel privately, too.