This is a perennial and well known problem. Developers that are acting responsibly should measure carefully what they deploy. While it is not always possible or reasonable to ask for source code, you can at least require that a component doesn't have any 'phone home' capabilities.Professional programmers, located all over the world and distributing software globally, are using source code, libraries, tools, and services from all over the world, including China and Russia, for critical software that runs on Macs and everywhere else.
There is a problem with the app model that is serious. When apps can phone home (or even 'phone back' to Apple), it creates a hole in your security. If apps aren't hardened against network (wireless or otherwise) calls, it creates a hole in your security. Any subscription model is likely to carry similar issues.
There is an ongoing issue right now with Literature and Latte's Scrivener in which they released an update relating to their payment processor. Now many users are panicking because their software is threatening to turn off. If a connection isn't possible, a lot of software turns off. This sort of thing can happen to any vendor. But what if the vendor closes, or just cannot prioritize such a fix? At a minimum it is bad press any time you try to start the app. At the worst, suddenly a lot of people that are depending on an app for their work can be inexplicably be cut off from using it.