Secunia PSI, a well recognized program that identifies insecure programs, lists the copy of curl.exe you're bundling as insecure. You're shipping 7.21.7.0 and the current/secure version is 7.24 patching one or more vulnerabilities.
Description of vulnerability:
http://secunia.com/advisories/47690/