We apologize for looking at the wrong tool and want to thank you for correcting us. When we did our initial work over a year ago, we incorrectly concluded that slaktool was the primary package manager. This is something we clearly should have discovered and corrected when reexamining package managers.
We have examined slackpkg and have sent a list of important security vulnerabilities to the Slackware security team. We'll wait a little while to make the specifics public but the security flaws are impactful, easy to exploit, and in the same vein as the issues we've mentioned for other package management tools.