Exactly! The trading logic layer algorithm should be separated as much as possible from the broker layer API. The algo only should be concerned that the market API manager layer (whoever it is) is going to work. algo { marketAPISession.executeMarket("dax","long", 1000) } The algo doesn't care who is behind "marketAPISession".
Even in widely used webservers or operating systems, zeroday vunerabilities are reported from time to time. If mt4 would be flawlessly programmed then the frame system where it run might not be and you may never even know that some bits or bytes were taken or added. Good hacker would probably try to get info very stealthly. If broker or someone else really wants your strategy ,some ways could be to have install files rigged in brokers server or send rigged pdf or office file to email. For more complex strategy it might be good to have bridge to mt4. Because in mql ,to program it can be hard to read code,I have only coded bridge in mql for moving info and no longer strategies. If make bridge code serialized universally then no fixation to mt4 platfrom as you can later just program new bridge to connect to other platfroms.