In a nutshell: installing this mod and set it as security.http_mods may cause security issues. Do not do so. There are no problems when you don't use its HTTP functions.
i3 stores its HTTP API in i3.http, which is a global variable.
Please explain how it causes security issues, I'm all ears. i3 isn't the only (popular) mod to store the HTTP API in a global. And, you are supposed to trust the mod in your local settings to enable it.
Addressed your concerns in the last commit: https://github.com/minetest-mods/i3/commit/382ff397
tbh this really is something that should be addressed as a issue one the github repo rather than a review
and now that it is resolved is probably best converted to a thread
This "review" has no relevance anymore by the latest release and should be removed or moved accordingly. Thank you.
converted review to thread