It’s something that’s inherently a privacy and security risk. Even if brave themselves don’t do anything malicious with it, doesn’t mean that someone who’s found a potential exploit in the VPN service won’t.
Ok, well a vpn is a potential security improvement if anything… But regardless, it’s off, it’s disabled, unusable unless you’re paying for it. I mean just for perspective, any browser is much more of an inherent security risk than a VPN app sitting dormant and inactive.
But you’re right that users never asked for it, so I get that part.