There is a wide gulf of difference between installing an IDE from a trusted corporate entity who would be sued if they did this kind of thing by default without warning vs. installing a 3rd party open source plugin from a developer you've never heard of without reading the description.
>a trusted corporate entity who would be sued if they did this kind of thing by default without warning
Microsoft does key-logging by default in Windows 10. They don't hide the fact that they do key logging, but they don't advertise it to users either. And yes, it's key-logging even if they claim it's for "telemetry purposes only guys, for realsy".
There is a difference but it doesn't change anything for me as a contractor. I'd imagine suing Google or Apple would be no fun when I'm sued by some bank for a breach of NDA.
As a software dev we ideally should keep in mind for what kind of target audience we are developing our tools, and in this case it is obvious that this tool would be a problem for many if not most companies for security reasons.
Is there even a reason why anyone would want to have all his source code sent to some unknown third party? Or why this would be necessary for something like spell checking?
I doubt that the dev has bad intentions with this plugin, but imho this tool is badly designed and unusable. Doesn't matter how visible this information is, there are no justifications I can think of why I should allow my source code to be sent to a third party.
That is a lot of trust in a corporate entity who in all honesty trys to profit from you wherever possible, and they would not be sued if such items were spelled out in the TOS. In this plug in, the plug-in author placed a notice where it could be found by anyone, not hidden away. Here, just as dspillett said, do your own due diligence and select products accordingly.
At the same time,even large trusted corporations can impose interesting license agreements (runtime or otherwise) that you better be well versed on before you start creating releases of your product.