No one should risk an unknown entity taking illegal control of a key plugin on their site. I can't imagine anyone wanting WP.org to weaponize more plugins on their site.
But none of his actions are sensible if he just wants to defend it. He's done more damage than WP Engine ever did.
The argument that WP Engine is trying to mislead people is weak at best. We're seriously saying that talking about WordPress hosting was misleading? To whom? What about every other host that does this?
Also considering the current deliberately misleading state of .com/.org/Automattic/Matt/the foundation etc, I really think they could do a lot to lead by example there before going this unnecessarily nuclear to others. I don't believe it because the reaction is totally out of line with the issue.
Update ACF and stay secure against this latest threat. https://www.advancedcustomfields.com/blog/installing-and-upg...