Insecure defaults in CosyVoice runtime paths (Must Read Before You Download The Code)

[robinbakshi007]

Describe the bug
CosyVoice contains several insecure-by-default behaviors in runtime/example code that can expose deployments to avoidable security risk:

• Broad CORS (allow_origins=["*"]) in FastAPI runtime service.
• TLS certificate validation disabled (verify=False) in reward client.
• Remote dataset code execution enabled (trust_remote_code=True) in inference scripts.
• Unsafe checkpoint deserialization (weights_only=False) in Triton model loaders.
• Shell invocation in utility (os.system('sed ...')) where in-process file editing is safer.

Files in Questions

• server.py
• reward_tts.py
• file_utils.py
• streaming_inference.py
• token2wav_dit.py
• offline_inference.py
• model.py

To Reproduce

1. Go to runtime/python/fastapi/server.py and run the server with defaults.
2. From any browser origin, call inference endpoints and observe permissive CORS behavior.
3. Go to examples/grpo/cosyvoice2/reward_tts.py and run score request against a TLS endpoint with invalid cert.
4. Observe request still proceeds due to verify=False.
5. Go to runtime/triton_trtllm/streaming_inference.py (or offline_inference.py) and run dataset loading.
6. Observe load_dataset(..., trust_remote_code=True) executes remote code if dataset defines it.
7. Go to Triton model loaders and observe torch.load(..., weights_only=False) for spk2info.pt.

Expected behavior

• Default CORS should be restricted (localhost or explicit allow-list).
• TLS verification should be on by default.
• trust_remote_code should be opt-in, not default.
• Model loading should prefer weights_only=True when feasible.
• Avoid shell command execution for local file edits.

## Screenshots
N/A (code-level security issue).

## Desktop (please complete the following information):

• OS: macOS
• Browser: Chrome
• Version: latest

## Smartphone (please complete the following information):

• Device: N/A
• OS: MacOs
• Browser: Chrome
• Version: N/A