This is automated; no one is proposing to manually look at BTC blocks to see if you are getting cheated. The problem is that you need to explicitly run code constantly to check if this happens - which means that if your monitoring agent goes offline for any reason (which an attacker could perhaps force), your BTC that you received in a Lightning channel may be stolen.
Okay, so it's an attack vector but one that can be mitigated against by implementing redundancy.
I would argue that Lightning's biggest security issue is having to store your private keys on an Internet connected device. I don't know if further improvements can be made in this area, for example allowing for some kind of 2FA, like multi-sig on the base layer.
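To make the monitoring point above concrete, here is an added toy simulation (not code from this thread or from any Lightning implementation) of the breach-detection problem and the redundancy mitigation. It assumes a simplified model: a channel owner holds the revocation data for an old commitment state (labelled by a constructed txid `commit_state_3`), a block is just a list of txids, a monitor that comes back online rescans the blocks it missed, the penalty confirms in the block after detection, and the cheater can sweep `TO_SELF_DELAY` blocks after the old commitment confirmed. Every txid, height and delay value is constructed for the example.

```python
"""Toy model: detecting a revoked Lightning commitment with redundant monitors.

Added example, not from the thread. Simplifications (all assumptions):
- a block is a list of txid strings; heights are list indices;
- the channel owner knows the txids of revoked (old) commitment states;
- a monitor rescans missed blocks when it comes back online;
- the penalty confirms in the block after the breach is detected;
- the cheater's sweep becomes valid TO_SELF_DELAY blocks after the
  old commitment confirmed.
"""
from dataclasses import dataclass, field

# Constructed sample values.
REVOKED_COMMITMENTS = {"commit_state_3"}   # old state we hold the revocation secret for
TO_SELF_DELAY = 6                          # hypothetical CSV delay in blocks


@dataclass
class Monitor:
    """A breach monitor that may be offline at some block heights."""
    name: str
    offline_heights: set = field(default_factory=set)

    def online_at(self, height: int) -> bool:
        return height not in self.offline_heights


def find_breach(blocks, revoked):
    """Height of the first block that contains a revoked commitment, else None."""
    for height, txids in enumerate(blocks):
        if any(txid in revoked for txid in txids):
            return height
    return None


def first_detection(blocks, breach_height, monitors):
    """(height, monitor name) at which any online monitor first sees the breach.

    Because a returning monitor rescans what it missed, the breach is found at
    the first height >= breach_height where at least one monitor is online.
    """
    for height in range(breach_height, len(blocks)):
        for monitor in monitors:
            if monitor.online_at(height):
                return height, monitor.name
    return None, None


def simulate(blocks, revoked, monitors, to_self_delay):
    """Run the monitors over the chain and report whether funds survive."""
    breach = find_breach(blocks, revoked)
    if breach is None:
        return {"breach": None, "detected_at": None, "by": None, "funds_safe": True}
    detected_at, by = first_detection(blocks, breach, monitors)
    # Penalty lands at detected_at + 1; it must confirm before the cheater's
    # sweep becomes valid at breach + to_self_delay.
    funds_safe = detected_at is not None and detected_at + 1 < breach + to_self_delay
    return {"breach": breach, "detected_at": detected_at, "by": by, "funds_safe": funds_safe}


# Constructed chain: 12 blocks, the old commitment is mined at height 4.
SAMPLE_BLOCKS = [["tx_a"], ["tx_b"], [], ["tx_c"], ["commit_state_3", "tx_d"],
                 [], ["tx_e"], [], [], ["tx_f"], [], ["tx_g"]]


def single_monitor_scenario():
    """One monitor, kept offline from the breach through the whole delay window."""
    lone = Monitor("home-node", offline_heights=set(range(4, 11)))
    return simulate(SAMPLE_BLOCKS, REVOKED_COMMITMENTS, [lone], TO_SELF_DELAY)


def redundant_scenario():
    """Same outage on the home node, plus an independent monitor with a short blip."""
    lone = Monitor("home-node", offline_heights=set(range(4, 11)))
    tower = Monitor("independent-tower", offline_heights={4, 5})
    return simulate(SAMPLE_BLOCKS, REVOKED_COMMITMENTS, [lone, tower], TO_SELF_DELAY)


if __name__ == "__main__":
    print("single monitor :", single_monitor_scenario())
    print("with redundancy:", redundant_scenario())
```

In the first scenario the only monitor misses every block from the breach until after the delay has expired, so even though it eventually rescans and notices the old commitment, the penalty would arrive too late. In the second, the independent monitor is back online two blocks after the breach, well inside the window, which is the redundancy argument made above in code form.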