Would love feedback on it or the overall byoFS project.
It's the transit that presents a vulnerability. If the cryptosystem can be intercepted and modified en route to the host that will execute it, it cannot be considered secure. If the cryptosystem is delivered as part of an embedded system, it's more likely it can be considered secure.
edit: I'll add a caveat to the cannot. It's more reasonable to consider it secure if it sends a hashed checksum of itself to a server, using itself to generate the hash and it sends a copy of itself to the server to generate the hash. If the hashes match, it's quite likely good to go. The total transmission required for this style of code authentication is worth consideration.
What if it hashes itself and sends the hash to the server through a tunnel generated by the questionable cryptosystem? If that checks out, the server sends back a more robust cryptosystem through the questionable tunnel.
But then we're right back where we started. Is that questionable tunnel weak enough to be considered vulnerable?
End-to-end is more easily checked for security.
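
The hash comparison proposed in the thread above, as an added example that is not part of the original posts: the server compares the client's self-computed hash with its own hash of the received copy, and separately with a digest it already holds. The sample code strings, the function names and the pinned digest are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample inputs: stand-ins for the delivered cryptosystem code.
GENUINE_CODE = b"function encrypt(key, data) { /* genuine build */ }"
TAMPERED_CODE = b"function encrypt(key, data) { /* modified in transit */ }"

# Assumption: the server keeps a digest of the build it published,
# obtained independently of anything the client sends.
PINNED_DIGEST = hashlib.sha256(GENUINE_CODE).hexdigest()


def client_report(running_code: bytes) -> dict:
    """What the client sends: a copy of itself plus a hash it computed itself."""
    return {
        "code": running_code,
        "claimed_hash": hashlib.sha256(running_code).hexdigest(),
    }


def server_check(report: dict) -> dict:
    """Run both comparisons and return each result separately."""
    recomputed = hashlib.sha256(report["code"]).hexdigest()
    return {
        # Comparison from the thread: client's hash vs server's hash of the copy.
        "self_consistent": hmac.compare_digest(recomputed, report["claimed_hash"]),
        # Comparison against a value the client did not supply.
        "matches_pinned": hmac.compare_digest(recomputed, PINNED_DIGEST),
    }


if __name__ == "__main__":
    for label, code in (("genuine", GENUINE_CODE), ("tampered", TAMPERED_CODE)):
        print(label, server_check(client_report(code)))
```

A copy modified before execution still passes the first comparison, because both hashes derive from the same bytes. Only the comparison against the pinned digest distinguishes it from the genuine build.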