How can anybody defend this? So someone pirated the stuff and then you think that sending ALL of his PASSWORDS to an unencrypted, RDP open server is OK? Are you crazy? On HTTP channel even a 3rd party can stole your passwords during communication, or FSL could sell them (note that I don't say they were or they will, but you can't be sure). This could destroy the life of a family if there were e.g banking passwords in that list. Do you still think it's okay because someone in the family (maybe a 12 yeard old child, who is using common computer with his/her parents) pirated an FS addon? Of course storing banking (or any other for that matter) password in your browser is a horrible idea, but not everyone are computer experts or can think about the possible consequences. It was not DRM, it was malware.
It was activated only when a blacklisted serial found, said by fs labs. How can they be sure that there won't be any software issue? They can't. Will you defend this when your serial will accidentally became blacklisted (that wouldn't be the first time when software issues can cause something like that, think about false alarms in antiviruses, or online activation issues in any modern application with online activation), and when you next run the installer your passwords sent to their server?
Also with this being publicly known, any hacker could run test.exe on a machine which has the old FSLabs installer on it, and can redirect the password data to his own server. Do you realise how dangerous is this, not to mention that this was completely illegal, and violates the law in almost every civilized country, incl. the USA, the whole EU, Canada, Australia etc. Also I think this could bankrupt FSLabs if there will be lawsuits against them, that clearly shows how stupid this move was.