The plugin is definitely not a scam. They do not spam sites.
I am using this plugin on different servers/hosts. One was getting tons of spam. The other was getting no interaction. Installing and enabling the plugin resulted in no change in the level of spam attempts. Spam occurs when the spammers discover your WordPress site, not just because you install and enable this plugin.
As for having to pay for this plugin, the plugin developers are paying for servers where the program they've develop does the work. They are charging a reasonable amount. They aren't gouging. If everything were happening only on one's WordPress-site server, then perhaps one might expect this to be free.
There are some plugins out there that do interact with off-site servers and are free (so far), but the plugin developers for those plugins must be making their living some other way or be independently wealthy. Lots of plugin developers develop and support free plugins for their resumes. It does look good. Others just love WordPress, which if free to download and use.
Regardless, coders have to eat too! "A worker deserves his wage."
The guys who've developed this plugin and who are supplying the server(s) to crunch the database have very high, very responsive support. All the logs are on their server(s) where you can log in to see all the captured spam. It's not filling up their clients' servers. That's usually a good thing for people with economy hosting with limited storage. It also keeps the plugin working better for more different types of WordPress-server set-ups. Think about it.