“Any selected text being sent to both servers over unencrypted HTTP, including potentially sensitive information like passwords from password managers or confidential documents.”
A dictionary app has been silently shipping your clipboard contents to Chinese servers over plain HTTP. This feature is on by default. The same bug was reported in 2009 and again in 2015. Nobody fixed it. Every password you highlighted, every sensitive document you selected. Ten years of your data, unencrypted, straight to dict.youdao.com. Open source software only works when someone actually reviews it.