Root CAs, background processes 24/7, uploading of the full process list, clipboard spying, local network scanning, surveillance (aka telemetry) - when did developers decide that our machines aren’t ours anymore?
You're not paying them. There's no transaction. They're not even giving the software specifically to you, rather they're saying "this is free for anyone to pick up" - with no warranty of any kind.
When you pick up some free furniture from the roadside, it's on you to determine whether it meets your safety standards. If the free table you picked up has some defect, you most certainly don't ring someone's doorbell and demand rectification.
That's not even a little controversaial. You put a thing on the web that says "Just a harmless XYZ" and it roots TLS forever?
Malware. Black and white.
You cannot expect the average player of an online game to have the technical knowledge necessary to discern whether a piece of software is safe to use or not. Even if you could, you'd also be expecting them to take the time to do a proper analysis of such software, which I do not think is a reasonable premise.
What's more, this is open-source software we're talking about and you can actually relatively easily perform meaningful security checks; imagine if this were not the case.