I took a look at the latest (patch #2: 08-03-2005 KB-2057) vhbackup.pyc from Ensim. Although they have fixed almost all the vulnerabilities, there is still an attack that could allow a site user to gain root access to a system.
I was able to decompile Ensim's vhbackup.pyc, and make modifications that I think fix the problem.
Hopefully, they will not object to one of their customers making a minor security patch to one of their files.
vhbackup.py MD5 :23907f9d0c8a96ca3e5288e08bcdd295
Unofficial modified version of uncompiled python version of vhbackup : vhbackup.py
diff between original (patch #2) from Ensim vhbackup.py