Kind of disturbing that a VPN company seems to be doing harm while it’s supposed to protect the client. Good question about the Fuds being all over it. We know they want back door codes into everything they can, Constitution be damned.
Doing really good security correctly is HARD. It's like sealing a building against flood leaks -- it only takes one weak point and the water gets in.
Even if the VPN manufacturer is 100% honest and reliable, it's software, and mistakes happen. Air-tight Q.A. helps, but is expensive. Most security software has vulnerabilities even after many releases to "fix bugs".
When you add in the very high probability of corruption, compromise, etc. from bad actors, it's amazing that anything is secure at all.