The false positive is in relation to detecting "possible" remote connection technology within the installer. Very common with installers that haven't ever been encountered and have any internet features (like DLLs accidentally bundled).
In ESET, and a lot of antivirus, generic detection is something that could be used maliciously. Very common with indie stuff.
Additionally, not being a HTTPS secured serve, it is at risk of third party meddling without the host administrator, or datacenters knowledge.