If the complaint is as easily dismissable as you say it is, without apparently even needing the consult of a lawyer experienced in Chinese law, then it seems no harm was done. The repository is still up months later, so that's where I'm giving credit to the repository owner. And obviously if the person is not a citizen of China then talks of investigation by the Chinese police wouldn't really be relevant, so again no harm done. The letter can be dismissed without needed to post it on Github and make an issue of it.
However I would still encourage open source authors to be educated on Chinese law and to avoid telling Chinese citizens to do things that could potentially get them arrested in China. If there is a real legal threat there it's irresponsible to ignore it. So in the end it's probably good that it was posted on Github.
Edit to respond to your edit: That's not my view. The issue is that the police have already been called by a different party. (or the equivalent of it, i.e. the company is contractually obligated to contact the government in the event of a violation, under threat of legal action from that government) The email appears to just be informing them of that fact. In my view, that is the only responsible thing to do. The only other option is to just not inform them, and have the police show up anyway.
You just said "Let's focus on the facts" but you are presenting another invalid theory. The email specifically mentions that nobody was contacted: "Otherwise, I will have to transfer information about you to lawyers who will cooperate with github.com and Chinese government...". The email is just a threat to install fear on the maintainer. There's no Chinese police involved yet, no laws being broken, no private API being used, no DMCA, there's nothing. You're grasping at straws. Please stop defending the indefensible.
Again, they may be under a non-negotiable contract with a government to say that. The replies further down the issue seem to suggest that is the case. I don't defend the actions of the parties responsible -- But the fact is if there are no Chinese laws being broken, I don't believe you or I are in the position to make that judgement, or at least that case hasn't been made so far. If your concern is with an oppressive government, please don't attack people who are also being oppressed by that government, and please don't suggest people ignore potentially real threats that could get them arrested by that government. I agree with you, I don't want the author of this software to get in legal trouble.
Again you're making conjectures and not sticking to facts. The only person attacking a person oppressed by the CCP is the MuseScore developer. He's also the one threatening to involve the CCP. And you're being an apologist for them. It wasn't an alert, nor an attempt to make the plugin legal. The "Otherwise, I will have to transfer information" is a pure and simple threat. And you're the one making excuses for that behaviour.
If this is a real threat then MuseScore really handled it the worst way possible and they should be ashamed for purposefully threatening to endanger a CCP citizen. If it's not, it's just a mafia-style shakedown.
Once again: if you don't see a problem with calling the CCP police on someone whose only personal information we know is that he's anti-CCP, then I don't think we have enough ethical common ground to even continue this discussion.
Again, musescore may already be involved with the CCP for contractual reasons. Basically all companies who do business in China are involved with them in some way. These things happen for reasons beyond their control, e.g. an investor sells everything off to foreign investors who then change the terms. If you're being careful, you have to assume they are already compromised. I don't apologize or make excuses, it's just basic safety. My view is that if this person is really worried about threats coming from a government, it would be wise to take those threats seriously. Github profiles are public, so it's not exactly hard for them to find this information.
Edit: I agree with you that if this musescore developer is lying about that, then that would be wrong of them. But I don't think I have enough information to make that judgement. So I think that's where we're disconnected. At least for open source projects, my view is to take any and all potential legal threats seriously until the matter is resolved with the lawyers.
However I would still encourage open source authors to be educated on Chinese law and to avoid telling Chinese citizens to do things that could potentially get them arrested in China. If there is a real legal threat there it's irresponsible to ignore it. So in the end it's probably good that it was posted on Github.
Edit to respond to your edit: That's not my view. The issue is that the police have already been called by a different party. (or the equivalent of it, i.e. the company is contractually obligated to contact the government in the event of a violation, under threat of legal action from that government) The email appears to just be informing them of that fact. In my view, that is the only responsible thing to do. The only other option is to just not inform them, and have the police show up anyway.