Even if we assume that's true (I very much have my doubts), this is a totally self-inflicted problem as a result of bad design: there's no reason a garage door opener should rely on a remote server instead of local communication.
You don't even have to go so far as saying they should change the embedded software. Here is the problem:
> The MyQ integration was introduced in Home Assistant 0.39, and it's used by 3.1% of the active installations. Its IoT class is Cloud Polling.
"Cloud Polling", meaning they don't have a way for an API client to register for state change callbacks. I'm sure this is why there is so much traffic - if Home Assistant wants to support triggers based on state changes (eg door opening, turn on home lights), then it needs to repeatedly check the status so that it becomes aware of the change in a timely manner.
(Personally I only buy/use devices with local control, and generally cut them off from Internet access. Just saying though)
If it's not on a remote server, then how would you know when people leave/arrive at their homes? You'd miss out on so much sweet, monetizable personal information. Won't anyone think of corporate profits???
As they themselves admit in that statement: There used to be an official way to integrate locally, but they discontinued it (myQ Home Bridge) and they're hard to find today (inc. huge markups when available).
Perhaps they updated the statement since then, but they're not accusing them of "basically" DDOS: they literally say DDOS now. Which of course prompts the question: is the problem that the CTO doesn't understand what DDOS is, or are they intentionally painting HA as malicious somehow?
TBH, that's better, as that is a problem that could be fixed. Even if we had to switch to a tilt sensor and just retain control, that'd be much better than their approach.
IOW, this real reason is better than their dumb comment about "unauthorized use".