We’ve known this for a long time. And I still notice people recommending “free” resources, as if it being free, or open source, makes it necessarily trustworthy. There’s absolutely no guarantee of that. Whether a product or service is inherently good or bad or safe or unsafe is entirely independent from how it’s funded or who pays for it or doesn’t. Obviously how something is funded is an extra layer to consider regarding ethical concerns. But you can have an open source recipe using humanely sourced poison that’s deadly.
It’s really problematic that so often good information is behind paywalls, and disinformation is of course made free, for maximum spread for deceit. But often some “free” stuff is actually a lure to retrieve information from people, and people’s personal information is extremely valuable, especially that identifies someone as part of a particular target market. Social engineering attacks also use the watering hole strategy – seeking people out where they are likely to be with a lure they’re likely to take.