I haven't done a code review so I can't answer that question with facts. I do think however, that anything that bootstraps a FLOSS framework like openwrt could easily be a risk to privacy.
You use privacy and security interchangeably here. They are not the same.
I don't know how you got a picture of me, but I demand it is removed!