I don't have the authority (or ability) to remove the stars. I, personally, think they're a silly game, but one of numerous information sources I use when judging a plugin useful or not (I weigh the forum posts about the plugin far heavier than the stars, anyone with an account can click a star button, and most people never remember to).
Anyway. As it happens, the plugin's capability checks were broken, allowing subscribers to delete posts, which is a security gap indeed.
Since we don't actively monitor plugins (it's a passive thing, if you report, we look), it's not something we'd have noticed until you spoke up :) If you see things like that again, please email the details to plugins AT wordpress.org and we'll look right away.
That said, all plugin devs have the right to earn a living. Putting out limited code in the repo, and a more advanced version for sale is fine (so long as it's all still GPL). The plugin in the repo should be 100% functional for what it is. And unless otherwise noted, you have a reasonable expectation of at least some support in the forums. If they say 'We only support on our paid site', well, they're allowed to. No one says they have to support it for free. But yes, the plugin should work.