Keep in mind that although everything here seems to be factual (I haven't tested it myself yet), this is from Codeium, a company who could be incentivized to make Copilot look worse, as that could convince other companies to use Codeium instead of Copilot.
That being said, I do generally agree with what Codeium says in their blog posts, such as Be Careful Where you Send Your Code [1]. Though that post's primary purpose seems to be to advertise the on-prem solution for enterprises, it makes some valid points. Despite some minor concerns, I like Codeium as a company—as a privacy-respecting alternative to GitHub Copilot—and would like to see them succeed.
If a tool could stop all insecure code it would be an AGI. It's still on the programmer to review code they copy from the internet or generate from Copilot.
...anyways, not to be confused with Codium [1], a completely FOSS, telemetry-free build of VS Code.
[0] https://news.ycombinator.com/item?id=34433412
[1] https://vscodium.com/
Edit: and not to be confused with CodiumAI [2], an AI test generator
[2] https://www.codium.ai/