I assume it's because it's fully in HTML, no external images or scripts to load, so you don't need to worry about your user's IP's being collected in someone's log files.
The GDPR reference is totally relevant.
You see, every popular library or js include has some kind of tracking in it. It’s default implementation, the one you copy and paste, or added via package manager, is either by default contains something hosted on a cdn, other server outside your control, contains embedded google analytics or other. It’s all justified. But it’s not GDPR compliant without my explicit plain language opt in.
This little bit of html, you can freely copy and paste, into whatever you feel like, has no tracking in it. It’s completely self contained, any tracking of its usage must be done by the copy/paster, the company that oversees your browsers activity, or your isp’s deep packet sniffing.
Also, the project now has 5 stars. Not fake either, sorry about that. The project must be resonating. Perhaps the flagging made it more important.