If they're simply re-branding Moodle to fit with their institution then there would be no issue. To be honest we're trying to avoid mentioning Moodle as far as possible with our site, since it really isn't of any interest to the users of the system: they (probably) don't care to be honest what we use!
If (and I'm not a lawyer) they are removing all of the branding and attempting to pass it off as their own work to redistribute or sell, then they could be getting into some hairy areas in terms of breaching the terms of the GPL license under which they were able to get Moodle.
I'm not entirely sure why you're so het up about Moodle getting credit...IMHO the important people (techies basically) would recognise it as Moodle and give credit to Moodle regardless of whether or not there was an actual Moodle badge, and the rest of the users probably don't care that it's Moodle (note I say probably!!).
But definitely not a Security & privacy issue!