Hopefully. The alternative (silently alert and hope I pick up the phone) might not be so bad for users if a hosting provider is running analytics or ads, but from a detect-and-alert perspective it's pretty hard to tell the difference between a scummy-hosting-provider script and a credential-scraping bonafide hack. Many people (or robots) who install the latter aren't smart enough to defeat alerting measures, so it's a big benefit if those measures warn the users directly.
