Another tale from WordPress.org plugin team from @Ipstenu
https://halfelf.org/2024/plugins-wordpress-owns-the-world/
"What someone does on their own hosting is, in no way, WordPress.org’s fault. If the code to brute force was found in a plugin hosted on .org, then yeah, we can do something, but it won’t stop the attacks."