Why API key is deprecated and for what we need oauth_middleware_url?

I just updated the module and this update seems to me very suspicious.

Why API key authentication is deprecated? It's deprecated by Mailchimp as well?

Why do we need oauth_middleware_url? This looks very suspicious and dangerous. And this proxy is not showed up anywhere in UI and not configurable via UI. What happens if Middleware website will be unavailable, hacked or shutdown? How can we be sure it is not storing the data? Because for now, it looks like this proxy can store our OAuth tokens as well and use them for their purpose.