To me, it looks like Kite miscommunicated but didn't propagate spyware. From what I understand after reading the related issue on Github, it did not do any requests to its servers without explicit user permission.
And I think the bigger problem is that 3rd party plugins are becoming a thing. Now, it's all about plugins, installing dozens of plugins that are difficult to audit before hand. It's like blindly installing software from torrenting sites, but shinier because it has the Github stamp on it.
Could you please elaborate ? I read the whole thing when I posted this comment: it seems like Kite did not automatically request its servers and I do think that plugin-mania is the bigger problem here. Installing plugins with no way to audit or restrict their access to the system capabilities is the problem. They should run in a sandbox. This has even been suggested before [1] but it seems like it has not yet been implemented.
And I think the bigger problem is that 3rd party plugins are becoming a thing. Now, it's all about plugins, installing dozens of plugins that are difficult to audit before hand. It's like blindly installing software from torrenting sites, but shinier because it has the Github stamp on it.