Referrer is sometimes nice to know. If your site gets a traffic spike from an email newsletter that traffic won't correctly identify the source in the http headers.
The article says they received a list of known NK hackers' emails in advance and the hacker used one of those addresses to apply. Pretty big red flag there if you ask me. Is it really unfair to halt the process at that point?
It's all fair criticism. The lessons learned will only take you so far, so the caveat is that if you think it's a bad project then you're already above a certain level. Go you :)
You might take it in the context that they are shipping a real product at a fair speed so where it deviates from ideal what you're seeing is the educated choices of the tradeoffs to make in a real business (which is a statement of the plane team's opinion, yours may vary).
The Plane codebase is a good read. If you want to see a well put together Django + Nextjs project you should check it out. There has been a lot of talk recently about what open source means. To completely side-step that discussion, I have plane starred on github because I learned a lot looking at their code without ever having run it or ever using the product.