
The download with an unverified certificate is only triggered on Windows if there isn't a "good enough" version of Python installed. If it's already installed then nothing needs to be downloaded.

Again, this vulnerability can't be exploited unless an attacker is able to MitM you or python.org is hijacked.

It's very hard to exploit in real life en masse. A targeted attack is possible, but it requires the attacker to:

1) Be able to do MitM in the first place

2) You need to use qBittorrent

3) You need to use Windows

4) You must not have a Python version installed that is supported by qBittorrent

Without all 4 this can't be exploited.



