Other services used users' computers as exit nodes without clear disclosure. Users found out when services blocked their IP addresses. And why would you assume NordVPN would take any legal heat?
I mean, if this is the case, and their users aren't aware. If the users are aware, and want to run nordvpn equivalents of tor exit nodes, then I don't see a problem.