Seems not applicable, given it will still download and install random LSPs for you without asking.

Is that directly related to the GitHub issue? Or you just mean that they're taking security more seriously?

I was searching the article you linked to see if it addresses the GH issue in any way, but it seems to not.