(1) A #VPN is not a panacea for security issues. In situations where it is beneficial, it is only part of what you should be doing.
(2) Yes, when you use a VPN, you are trusting that organization and its employees the same way you are trusting your ISP and its employees when you use the Internet from home. If you're accessing from a public Wi-Fi, such as a coffee shop or a hotel, your are trusting the company where you are, their providers, and the employees of each. It is not unheard of for legitimate sites to be blocked and some dodgy sites to flow through fine. Unfortunately, you don't have a way to check. You have to believe what the organization says or reject what it says without any evidence in either direction.
(3) It was never about "hackers" (crackers) sitting in the coffee shop parking lot. It is much more about some bozo at the coffee shop visiting unsavory sites and the ad networks tying your location to their browsing, so that you start getting those ads in your normal at-home browsing. Don't get me wrong, there could be a malicious person sitting in a coffee shop, waiting to hijack your bank account. But the article is correct that spreading HTTPS and other TLS-augmented protocols helps to minimize their effectiveness.
(4) Some people rely on VPNs as proxies, so they can view media streams outside their target distribution areas. For that person, a simple proxy may or may not offer a better deal. I have not tried to use VPNs or proxies for such purposes, but if the alternative is to allow some company to decide where you can view the desired media, I can see why people might choose to use a VPN or proxy.
(5) HTTPS and other TLS-augmented protocols are a great step forward, but bad guys are constantly finding weaknesses. The same is true for VPNs. The idea of sitting around and slapping each other on the back for "ending the threat" is very premature. This is likely to come back to bite someone.
I should also point out that I am in agreement with some points. From what I've read, many #VPN companies keep logs ... which may contain enough information to identify specific customers. Many of them have poor security (that is, there have been reports that such logs escape company control).
The companies could be subjected to government pressure.
I haven't seen any reports yet, but I am just waiting to hear about a VPN company being hit by #ransomware. What would they trade in order to get their infrastructure back?
To be clear, all of these things are possible with your #ISP also. In particular, your ISP is very likely to surrender you to copyright strike requests.