Agreed. Years ago I wrote a discord bot for my 350-ish member server that just sends memes and randomly interjects nonsense into conversations as part of an inside joke. It can’t do that without the ability to read messages on the server [1], which Discord has “limited” now in a way that only gives the illusion of privacy: a bot cannot read messages on a server if the server has more than 500 users, or if the bot is in more than 50 servers.
I might be misremembering those numbers, I think they’ve changed several times, but my point is that my bot specifically can slurp up literally all the user data and messages it wants from my 350-member server right now because it flies under the radar of Discord’s privacy limit. I’m sure there are thousands of servers out there with actual malicious bots in them doing exactly that, and it’s not like you get a warning when you join a small server with a bot that can read your messages.
[1] I’d be totally fine if they turned off all message access for bots today. The inside joke has run its course and I’ve transitioned the bots useful commands to Discord’s slash commands.