Opinions on Windscribe VPN?

No disrespect, but what are your credentials to provide “personal opinions” on security matters from a document that you have not fully read?

The scope of the audit is clearly stated in the document (and blog post), which states that full access to infrastructure and code was provided.

You probably just read the title of the report, which does say “Penetration Test”, which is exactly the same title as the Mullvad report, which you also have not actually read: ros-website/ros-public-reports/ROS - Mullvad VPN 2023.pdf at d923ae2001cdf48deeb0130475a415273e5087c7 · radicallyopensecurity/ros-website · GitHub

Scope 3: Now we’re getting into tin foil hat territory. If that was the case, it would be in the report. Much like it is in Mullvad’s report, where they accidentally sent production traffic through a test server.

MLL-024 — Production multihop traffic on test system
The VPN server used for testing processes multihop traffic for production VPN users.

7 Likes