PSA: Malicoius Code in Classic Replays --- According to WG's article/page

DomoSapien: So, the 'malicious code' is referring to a vulnerability that was found with replay files several years ago. There was a way for someone to edit the code in the replay file and inject malicious code that posed security risks.   Since WOT Classic is operating on similar architecture, it's possible that vulnerability still exists in WOT Classic replay files.

That said, the files being created by WOT Classic are perfectly fine, but you should be careful about opening WOT Classic replays from people you don't know or don't trust, to be on the safe side.