My opinion as well as many as my peers is that ACF could have been rolled into core or bought by Matt long long before it was acquired by WPE, which most of us found as a good thing, being that its a critical plugin and gained long term support.
Plugins have bumps, that's part of the growth, and some of the changes ACF have made as of recent years, even the ones I disagree with, seem well intentioned and not malicious. I can't say the same for what is happening right now.
WP and/or A8C took over the existing plugin, so that sites that have auto-update on were automatically bumped to the SCF version instead of the historical ACF which obviously had a different team of maintainers
(community member, not affiliated with WP, WPE, or A8C)
I can confirm this has been escalated internally in the WP slack.
I can also provide this context which I found concerning, given the way this was taken over and rolled out on a Saturday afternoon, of which I have also been dragged into now as a fellow site maintainer.
- Matt Mullenweg
"in a few days we'll have a Github where people can get involved, and we can also set up proper build systems, etc"
So its all in flux obviously. I let them know the same thing, that I find this as a malicious supply chain attack that is affecting the community.