I haven't seen GrapheneOS folks going out of their way to attack anyone.
I often see them being on point and highlighting important details. Majority of custom roms aren't taking security seriously, so I don't think there's anything wrong with calling them out on that.