by arsome 1209 days ago
If you're pirating IDA Pro, you're probably the type of person who can figure out which cracks are real and which aren't pretty quick.

True, yes, but a lot of cracks are real and still include malware. And it can even be introduced remotely. A malware downloader is a few lines of code hidden among millions.

Also analyzing malware tends to make one more paranoid. This is definitely a thing too.

And the most powerful features of it, like Hex-Rays, require cloud cooperation, so they don't work :(

I really wish it were affordable for individuals, because I would pay for it if I could.

IDA's decompiler is only cloud-dependent if you have the crappy version; if you have the full Pro version with the add-on, it's entirely local.

While it's true that malware could theoretically hide well, I'll also add that in my experience investigating malware infections from friends and family, and occasionally hunting for malware myself, samples attached to cracked software tend to be things like miners, iStealer, script-kiddie RATs, etc. using simple "binders", which are usually incredibly obvious, like extracting the real executable into %temp% or the usual RunPE gimmick. People posting malware on torrent sites are not exactly APTs using spear-phishing attacks.

Yes, if only IDA Pro had a hobbyist license :(

For what it's worth, IDA now comes in an IDA Home version [1, 2]. It is a one-year subscription for 365 USD (single arch) and is cloud-tethered for at least the decompilers. I no longer have access to IDA Pro via my university, so I am now using Ghidra. I can recommend that newcomers take a look at it or other tools (e.g. Binary Ninja), if you are not locked into your IDA workflow.

For me, IDA Home seems to lack at least one key feature we needed back then: customizable CPU plugins. We had to extend one with a newer version of the instruction set. On top of that, that CPU type is not even available via Home. Also no RISC-V support (yet?).

On another note: the whole cloud-based concept for a disassembler/decompiler with debug support sounds like a recipe for disaster. One wrong key press and you might run malware on an internet-connected system. Even when only disassembling, I am tempted to run everything in an offline VM to defend against bugs in the disassembler.

[1] https://hex-rays.com/cgi-bin/quote.cgi/products
[2] https://hex-rays.com/ida-home/

> e.g. Binary Ninja), if you are not locked into your IDA workflow.

As Binary Ninja is proprietary, I would recommend against getting locked into its workflow, too.

Luckily, Ghidra exists now.