An "unknown third-party" has it back up as a public torrent index. I think it's a honeypot too. Don't use this service ever. Many people will still use it though..
Technically speaking they could target VPN users by infecting uploaded files with a simple trojan that pings home to a server, I assume you disable VPN after the download is complete.
It's been a few years since I've downloaded a torrent. Spotify and Netflix are more convenient for me. My own routine was a VM purely for running a client in a VPN-only environment, tables to drop all non-VPN traffic and file transfers using shared folders. The VM was "virgin" to prevent any identifable info leaking out. It is possible that this is slightly more hardened that a "typical" use if a VPN. I was thinking in this context when I posed the question.