I love the product concept, but the fact this person has an almost empty GitHub and suddenly launches an app that can easily be spyware concerns me a lot :). A lot of security concerns with passwords etc.
The way I would do it is I release open source code without any spyware, then prebuilt DMGs that contained it. Thus the lazy people would all get it if they don't self-compile. As compiling a new thing takes another 1/2 hour or more for most people, they would be too lazy to do it.