Stolen identities have the same problem as stolen Google Play publisher credentials. As soon as one scammer who has used an identity is found, the identity is burned, and all the scammers using that identity have to look for another. This is different from self signed certificates that you can create at will.
People like me who use Morphe aren't actually going to be inconvenienced much, so I doubt appeasing IP holders is the motivation.
I expect Google to ban the devs eventually. After all the app's sole purpose is breaking the TOS of YouTube.
Thank you for name dropping Morphe btw, I'll use that for as long as it still works.