If you have found a vulnerability in VPL pl. inform its developer https://moodle.org/user/profile.php?id=150298 personally with details of the exploit. I'm no security expert, but I don't believe secure/not secure is a digital thing. You have to dive in to details, in to quite deep places.
This is a security discussion I had some time back: Securing vpl-jail-system on a production LAMP server. Quoting a post there "VPL-Jail-System serves as a stateless, secure, and isolate sandbox
for the execution and evaluation of student’s code." https://vpl.dis.ulpgc.es/documentation/vpl-jail-system-3.0.1/introduction.html