Yesterday I learned that a lot of crucial stuff in Postgres was developed by Russians (the list I saw was quite extensive). So if you run nginx+Postgres (like half the Internet?) then WinRAR is least of your concerns
That's a fair point. Perhaps a solution could be that if someone were willing to pick up the par2cmdline code base and work with the 7-zip developers to merge it into their command line and GUI then there may not be many reasons left to utilize WinRAR.
I've met many incredibly talented eastern European engineers, who seem to overwhelmingly enjoy low-level programming (compilers, database internals, etc.). I don't see the concern.
They live in a country where you can literally get arrested for walking around with a blank piece of paper. Just because you MIGHT write something subversive on it.
The ability of the Russian government to lean on incredibly talented developers is extremely large.
The Russian government has recently shown itself to be willing and even eager to use coercive tactics against its own people.
The trust issues with software developed by Russians isn't that the engineers are Russian. It's that the engineers and their families are currently in Russia.