From the article:
"I know for a fact that Wikipedia operates under a CC BY-SA 4.0 license, which explicitly states that if you’re going to use the data, you must give attribution. As far as search engines go, they can get away with it because linking back to a Wikipedia article on the same page as the search results is considered attribution.
But in the case of Brave, not only are they disregarding the license - they’re also charging money for the data and then giving third parties “rights” to that data."
The reason is they have proper build infrastructure managed by the Brave. With Ungoogled Chromium the binaries are produced by third parties, vary in version etc. People claim they would only use “open source software” but they do download binary versions nevertheless and don’t compile that code themselves. This increases the risk of a supply chain attack, where a malicious binary is submitted and nobody has really knows until it is too late. The other issue is they disable CRLSets because of “google hate” which we think actually increases the likelihood of a MiTM attack occurring because rogue certificates are not detected and invalidated as quickly as they could have been.
This article describes a few other things https://qua3k.github.io/ungoogled/