Franz Josef Kaiser, "Reviewing a plugin with 1 star without having it in use or inspecting the code is worth nothing." That's what you did.
You did not review the code it generated. Just looked at the dummy front end and labeled it malicious.
First of all it is SaaS service and the plugin is a dummy front end. it is a collection of forms. Its only purpose is to send app data to the SaaS service which generates pure WP API code. It is not the only plugin functioning as SaaS frontend in the repository. We believe it is a game changer. It simplifies so many things.
How do I know? Our company have been using it for 6 months for our clients. For your knowledge we also employ security experts who check every code we sent to our clients.
Secondly, Wp App Studio is an open source plugin, if you like to improve the code, post your code and ask them to review it. But don't write BS here with some knowledge you had.
Have something to say, share your "immense" knowledge with us and give specifics so that they can fix in the next release.
Long story short: It is open source, man. Being a hater helps no one.