It is however perfectly legal to make a hardware device that could make use of the Same API and driver i.e a clone. Provided it is not branded as a FTDI chip, but rather "FTDI Driver compatible"
Now that may violate the terms and lic of the driver software on windows (not on linux because it is GPLv2) but that would not make it illegal to buy nor would it give them (FTDI) the legal right to modify that hardware
Using the FTDI vendor ID is branding it as an FTDI product. I would argue that it is even more important than the text printed on the chip since that is the part of the brand that the average end user is exposed to.
There doesn't appear to be any legal protection on USB vendor IDs though. It's just important if you want to follow the rules of the USB-IF, but that's no legal requirement.
Now that may violate the terms and lic of the driver software on windows (not on linux because it is GPLv2) but that would not make it illegal to buy nor would it give them (FTDI) the legal right to modify that hardware