It still baffles me. You can't stay even moderately up to date on technology news, without knowing that initiating a security breach, even on someone who has stolen your product, will still be criminal.
Yeah, not sure if you're being sarcastic, but if not: the law doesn't work like that. You can't annul a criminal statute simply by including a clause in your EULA.
If someone signs a contract allowing you to do something you're generally allowed to do the thing, with exceptions.
Dropbox uploads data from your computer on to their servers, which would be illegal had you not agreed to that as part of signing up and installing the software.
The difference is that Dropbox is only allowed to access those files I tell it to. If the Dropbox client would start crawling my filesystem for 'password.txt' or 'banking-tan.list' this would be illegal, no matter what clause is written in the EULA.
So you're suggesting that the FlightSim EULA laid out exactly what the installer was doing, and asked permission to exfiltrate your passwords if the registration key didn't match? I very much doubt that, and I'm skeptical it would be legal even if so.
It's unquestionably illegal to do it on the down-low, like FlightSim has done. It's malware, nothing less, nothing more.
[0] https://www.linkedin.com/search/results/index/?keywords=Flig....