I agree 100% with @Pieter.
This thread has gone off topic quite a bit. This is, for example, nothing to do with security. This is to do with keeping the directory clean and composed only of plugins whose developers are at least somewhat active.
Several of the comments have also overlooked the significance of the point that we are talking about a directory and not a repository. If a plugin is removed from the directory, that does not mean that its code disappears. Not at all. It just means that there is no link to that code from the ClassicPress website. But the code will still be where it will always have been: on the developer’s Github site.
The effect of removal will thus be to withdraw the developer’s privilege of being somehow endorsed by CP. Current users of that plugin won’t be any worse off, because the plugin will work just as well as it would have if the plugin had remained listed in the directory. Potential future users will not, however, have an easy means of finding the plugin unless and until the developer updates the readme.txt file.
That all sounds really straightforward and sensible to me.