Add encryption function (e.g. AES256) to encrypt files inside CAB. User can specify encryption key in webupdate component to decrypt update.
Currently the files inside the CAB file can be replaced with malicious software with the same filename without the update knowing that this happened.