There is no “service” using it. There is no TinyCam server involved. It’s your Android device logging in with your Wyze credentials. He may or may not be copying them elsewhere - he says he’s not. I suppose network packet captures could confirm this.
I don’t know any details but as far as I determined the Wyze reverse engineering was performed and open sourced by an independent group, and Alexey merely used it in his existing product.
I don’t even know what you mean but SMS is still a valid method for the optional* Wyze 2FA.
Again, not an issue unless you’ve enabled 2FA.
This is true from what I have heard. I too don’t know any current status.
Nope. You know how I know that? Because Wyze servers don’t GET any video feeds to begin with, unless they are being fed event recordings on a CamPlus plan. Even for live viewing, the streams of video go from camera to viewing device, not to Wyze servers. So the various open source projects wouldn’t have any way to access every cam’s stream 24/7 by downloading from Wyze servers. That’s just not how their P2P works.