Obviously. Any third party connection is a potential problem. (But the German court only dealt with a very specific Google fonts case, you cannot generalise it)
But Laurent‘s comment is quite important. Joplin is open source. I am not sure if the GDPR applies. That’s a really interesting question.
Back to the topic of Hunspell: Perhaps it is desirable for Joplin to follow the same rules that apply to companies with regard to the GDPR. At least in the long run. If external request become a bigger problem in the future some solutions may pop up which Joplin can follow.