So the Accellion FTA is hopelessly insecure?
"Reverse Engineering" is merely acquiring the source code the hard way. If the software is not secure if the bad actor has the source code, it's not secure at all. The only thing that should let you in is the keys. Otherwise it's just security-by-obscurity, and so not secure at all.
If you are using this stuff, time to quietly replace it with something that is actually secure.