It is not that dramatic and probably not done with bad intention. There are without doubt also cultural differences in sensitivity for such matters.Uh, that does not sound good. I will install their firmware to peek around what is happening.
Removing import m5cloud from boot.py should stop this behaviour. Nonetheless, the casual user should always be informed. Even better, his or her informed consent should be gained.
Recently, many famous cloud platforms have demonstrated failed security. This cloud platform may be no different.