The part that scares me about the FSLabs forums' response on the issue is the number of people who think this is perfectly legal, and moral as actions go, or otherwise not a problem... they, from my understanding, did not disclose the software (
even omitting its presence from testers), reportedly have control of the software in such a way where it only affecting pirates is not a certainty, as mentioned, decrypts and mines Chrome passwords - IRRESPECTIVE OF WHAT THEY ARE, OR WHO IS ACTUALLY USING THE COMPUTER, sends them IN PLAIN TEXT, unencrypted, to a server that reportedly has vulnerabilities... not to mention, some will cite a ToS/EULA, which misses that they are not, in fact absolute, and can not allow a company to break the law.
They dun goofed. Their responses seem rather half-assed, and the justifying that their supporters have is just unfathomably stupid from a Comp Sci perspective.