Again, musescore may already be involved with the CCP for contractual reasons. Basically all companies who do business in China are involved with them in some way. These things happen for reasons beyond their control, e.g. an investor sells everything off to foreign investors who then change the terms. If you're being careful, you have to assume they are already compromised. I don't apologize or make excuses, it's just basic safety. My view is that if this person is really worried about threats coming from a government, it would be wise to take those threats seriously. Github profiles are public, so it's not exactly hard for them to find this information.

Edit: I agree with you that if this musescore developer is lying about that, then that would be wrong of them. But I don't think I have enough information to make that judgement. So I think that's where we're disconnected. At least for open source projects, my view is to take any and all potential legal threats seriously until the matter is resolved with the lawyers.