Is nPOPuk 3.04 with SSL secure?

I recall there being some kind of security vulnerability with one of the components (I believe cert checking), would this affect that specific version?

The source performs no chain validation or CRL verification at all. All versions.

How would you personally rate that risk?

If someone successfully steals a private key, your device will recognise it unchallenged in-perpetuity regardless of whether it expires or was revoked.

The question is: what are the odds that someone gets hold of the private key.

How would something like that be possible? Like, via a breach of Google if I'm using Gmail for instance? I'm sorry, I'm not very knowledgeable on the subject

1. Insurmountably improbable computational luck at reverse brute forcing RSA/SHA2
2. Access to the server and the ability to compromise its internal key repository such that you can get access to the private key
3. Having access to a quantum computer and enough knowledge/time to orchestrate what so far hasn't been clearly demonstrated as being viable

It has absolutely nothing to do with you, your account or your device what so ever. If Google lost it, every Google service running on that key would be impacted.