
More than a decade back, Fiddler was the tool for debugging any network issues in software on Windows machines. Definitely not a hacking program.



While it’s not originally made to be a malicious tool or intended for malicious use, it’s definitely still a tool a malicious “hacker” in the commonly used sense of the word could use.

It’s still a damn handy HTTP proxy for MITM to decrypt SSL traffic, for example. This allows one to closely inspect how a site’s authentication mechanism is implemented, among other things. I still use it today occasionally to try and understand how a given API or site feature is working/implemented based on the raw HTTP requests. You can also use it to try and replay HTTP requests with modified payloads too, as another example. There’s loads of hacking related activities Fiddler can be handy for!

Fiddler’s entire purpose is arguably to intercept, modify and replay HTTP/HTTPS traffic. Many debugging tools like this can also be used nefariously. If I needed to try and poke for vulnerabilities, a debugging proxy like Fiddler is absolutely something I would put in my toolkit. There’s no shortage of tutorials on Google for using Fiddler to try and hack websites either.


If you're trying to MITM, you want a hidden agent that isn't easily recognizable and takes up little space.


I am still using it occasionally. It's for capturing network messages like REST services. It can also capture local SSL traffic by injecting certificates.



