Most criticism relates to the marketing as "self-custodial" when its design requires significantly more trust than most systems we label as "self-custodial." It's self-custodial from a regulatory standpoint, like Liquid is. It's better, maybe, because it has this hypothetical unilateral exit.

On the unilateral exit thing though, I don't know anyone that's unilaterally exited successfully, do you? I'd guess most of the systems using Spark aren't designing/testing for that eventuality. I also haven't been able to find good information on how unilateral exits work beyond conceptual descriptions. (Admittedly I haven't looked as hard as I eventually will.)

Also, regardless of the innovations of the system, the federation is tiny and the innovations aren't widely dispersed, so having the majority of lightning consumers depend on it is risky. If the Spark operators decided to KYC, what do we switch to? We can't let self-sovereign lightning solutions atrophy to relatively centralized tools.