Here is one discussion from a so-called whistleblower I was involved in. I will let you decide on the ethics[1].
I'm in the ACH space and I personally know a merchant who planned on using them for account verification for point of sale ACH payments. This merchant also planned on grabbing transaction history while they were in there for I don't know what. Analytics maybe? I have no idea if they ever went through with their plan.
This was the merchant, and not Plaid. While Plaid gives such merchants a lot of power, I don't think the ethics issue lies with Plaid (though you could make a good argument that they should grant limited access, and full API access only on a more restricted whitelist basis)
I'm in the ACH space and I personally know a merchant who planned on using them for account verification for point of sale ACH payments. This merchant also planned on grabbing transaction history while they were in there for I don't know what. Analytics maybe? I have no idea if they ever went through with their plan.
[1]https://news.ycombinator.com/item?id=17692291