It’s not written in C++, it’s written in Rust. Among other reason, exactly to prevent that kind of problem. It doesn’t have servers and indeed doesn’t need VPN. While the system is build upon TCP(/UDP)/IP, there are of course IPs, yet the network has its own routing system which is based upon distributed hash tables as used in peer-2-peer.
Please familiarize yourself with the project before you make broad unfounded claims about the systems overall security.