A link to a three-letter agency doesn’t have to imply a danger in case of free software. Otherwise you should not use Tor as well.
This decision was reverted later.
There is a related discussion here about Debian. In it, I tried to use the same argument about the proprietary blobs, but didn’t convince anybody. Surprisingly, even @marmarek doesn’t see any danger in it. Perhaps it’s a small danger, less important than many other attack vectors on Qubes, but I fail to see why it should be completely denied.