Yeah, the very first thing I thought of was along the lines of "Oh, so this is how attackers will compromise a machine and run http://my-favorite-bank.com.holepunch.io/login-and-give-me-a... on a compromised computer."

I do see the benefit of the service, but I think it would be cool if they offered a self-hosted version. A LowEndBox for $20/year gets you a box and an IP to tunnel through.

I am using a free tier instance in GCP and using tinc to accomplish exactly this. It's not "click and play" but setting it up is simple. If I ever outgrow the f1-micro its easy enough to add another node with a public IP.

It has the added benefit of being a full-on VPN, though I don't generally use it for regular internet browsing.

Well, this is working around externally imposed lack of internet connecivity after all. It might be called abuse by your local Mordac^Wperson disagreeing with you about risk assessments. You may want to try getting your net fixed, as an alternative to this proxying.