I think PG, especially since the whole 1Password / open source debate, has been relatively clear on what it takes to add or remove a recommendation.
The real question, in my mind, is: based on your reasons, do the actions of Strongbox rise to the level of “directly impacts people’s privacy negatively”?
I am not sure it does. Especially because the crux of your argument seems to be that they are no longer open source, which is still not a criterion.
While I can see your point about a loss of trust, since nothing about these actions changes the actual product (i.e. the actual password manager is just as trustworthy), I am not sure it reaches that bar @jonah set.