I emailed GitKraken on August 12th, 2019 about this issue which went nowhere
In GitKraken there is a potential vulnerability that allows access to Pro features without paying for them. I have tested this in 6.0.1, 6.1.1, and 6.1.4, but I suspect it works in all other versions as well.
Using a proxy server, such as Fiddler on Windows, it is trivial to change the response from the "https://api.gitkraken.com/phone-home" API endpoint to trick GitKraken into thinking the user has a Pro (or other) plan, unlocking the features of that plan even if the user has not paid for it.
This is done by changing the response from the "https://api.gitkraken.com/phone-home" endpoint to: