Certainly a matter of opinion. However, I certainly consider changing the search engine so users cannot revert back to their preferred search engines without significant effort and administrative account access, hijacking the browser home page and similar socially engineered attacks as malware.
The projects that did that, did so knowingly, AND users checked to install the said component in the installer.
I did not download any malware with Lazarus.
That's because we didn't enrol in this ad-supported revenue program (we=FPC, but I assume the same goes for Lazarus)
Projects such as GIMP have already left SourceForge.
That's their choice.
I would personally prefer to see all reputable projects leave SourceForge.
That's an easy statement to make. It is less easy to find long time dedicated volunteers that will maintain such a change, and whatever comes after.
Keep in mind that FPC doesn't use SF.NET for anything critical, just as a mirror. We use own VCS,bugtracker, mailserver and ftp,www etc. The trouble of moving would be disproportionate.