Right. An alternate take on this passage is, "95% of contacts exercised basic security measures rather than blindly install unvetted code on their machine."
It doesn't take that much of a shift in perspective to turn this into a very optimistic statistic indicating that normal users aren't always quite as security-unconscious as we normally think -- that for whatever reason (security, apathy, paranoia, whatever) sometimes they do actually make the right choices when interacting with sensitive information like their browsing habits.
You could not pay me to install an unvetted Electron application where I can't even see the source code, that is designed to MITM my browsing activity. Even if I trust the author's intention, who wrote the app? Who tested it? How do I know that the automatic redactors are going to actually work? It's not like it's hard to have security leaks in Electron.
But that's exactly the point of the OP: 95% "declined like they should" -- but what does that say about the 5% that didn't? What general conclusions can you draw from data elicited through people that are clearly unlike the mainstream?
Even if it's an organization you recognize, verifying it's not someone using their name for some sort of scam isn't always straightforward.