I have to assume this runs the risk of opening the floodgates for potential vulnerabilities to be discovered now. Hopefully they're prepared to start working on a bunch of new bug reports.
Closed-source code isn't that much less secure than open one that I think this is a legitimate worry, especially in this case where the obfuscation doesn't sound like it was effective much
Whether is obfuscated or not. Minecraft java runs most logic in java, and write the save and network handling in parse & validate style instead of serialization/deserialization style. So there isn't much "vulnerabilities" for you though. The game probably isn't best in performance, but there aren't much vulnerabilities either.
