The main dev posted a reply in this thread, but it was deleted. Suspicious.

Hi. I have read most of this thread but let me mention that we did and still do mention in our terms that the client can gather data when required. Even so, I can strictly say that the screenshot-taking ability was already removed after the last time this came up in discussion around 5 months ago. The stolen source code is several months old and was taken from a dated branch. It doesn't resemble the state of the game currently. Almost 50% of the client, for instance, has been rewritten. For full disclosure, back when we were saving screenshots, they were saved to a private s3 bucket with a lifetime policy that automatically destroyed them after several hours. They were visible by only myself and one other person, and were never saved locally. If the other person triggered it this would be logged to me privately, and while you may not be able to take my word for it, I believe it was never abused. In the last months of its use, it was activated just over 300 times and of this activation count resulted in around 80% positive detection rate. I'm not trying to cover my ass or anything, and I agree in the current day it is not acceptable to take screenshots (even of cheating users), which is why we have changed how we operate. I have been aware of this for years and unhappy with my old ways, which is why I am constantly striving to improve. We are currently in the process of open-sourcing the full osu! infrastructure (under a non-contagious license). You can see the new website available here and the client will be released in the coming months (keep a watch on our organisation). I apologise to anyone offended by what has been revealed. Once I find the time I will likely to a full write-up on my blog. Currently operating on very little sleep due to constant incoming attacks from the source code being spread so widely.