Thank you for your quick reply. The magic word in using a plugin is TRUST. As a plugin user, selecting a plugin for a certain function, you ask yourself if the plugin author can be trusted to create a well written plugin that doesn't break your website, and you ask yourself if the plugin author can be trusted to update the plugin when needed and provide some form of regular service.
Over the years you have really earned that trust. You have written a fantastic plugin that is downloaded over 2 million times and your service was really very good.
But... everything that happened with this vCita code has not helped to sustain that trust. And the way it works out now, by first getting a new update out there, and then hearing from crudhunter that a new backdoor e-mail sending piece of code behind a banner has been introduced is not helping either. One tends to wonder what else is in the code that has not been found yet.
I understand that you want to make some $$, and maybe a lot of $$, from cVita. There is no problem there. I understand that fully and you deserve it. But why this way? Why not make a seperate plugin for vCita and have your plugin work with that. Why clutter your code with this vCita function if it is only used by 0,2 % of your users and if it upsets your other users?
This was only a one time limited email announcement message of new features for Fast Secure Contact Form to existing Fast Secure users, letting them know about the new options. The message was sent from the plugin directly, we are not attempting to collect data.
Then why was this e-mail crafted the way it was? With a link to the vCita website to "unsubscribe" from the service...
Furthermore you write about vCita and how nice and well-behaved these people are. That is all good and well, but why should I trust them that they won't abuse my email address? Because they say so? Trusting them would have been a lot easier if they made another introduction, not by spamming me through your plugin. I understand that the mail I received has been a collaboration between you and vCita.
I hope this is all a one time only mistake and that all will be corrected in the following update. I also hope you realize that, at least in my opinion, the tactics that were used, and are still being used, are not in accordance with WordPress guidelines, and are not helping you to further the succes of your (until yesterday) great plugin.
I trust you will take all this to heart and do the right thing. I'm looking forward to your next message/update.
I wish you all the best and hope you make a lot of $$ with this plugin. It would be well deserved. But please, please find another way to do that, so I can confidently keep using the plugin. There are a lot of good examples out there that work really well, and that don't violate user-trust.