If duplicati gets more widely spreaded and therefor gets more likely a target for mass attacts by malware, this should get addressed.
To get it secured against attacts from “companies with 3 lettters” or from personal attacts, would be another story.
I just have another idea: PSExec / WinExe for central managed duplicati.
(Will post it in: Client-side agent and centralized management / dashboard)