My perhaps naive assumption was that KeepassRPC potentially opened a network port on my machine which would:
1.) Normally be blocked by my Windows firewall.
2.) Only be exposed to my local network, due to the firewall in my router.
Based on the description accompanying the 1.12.1 release, it sounds like simply by running KeepassRPC, a malicious website can bypass both of those and so the KeepassRPC interface is in effect tunneled through both of these firewalls by my web browser? If this is right, running KeepassRPC is a LOT more risky than I thought it was.
Can you provide some explanation of how this works, or a link to an explanation of the underlying technology that allows this?