I think its a combination of A: they don't know which credentials are being used; B: While figuring it out would be somewhat trivial, it still requires effort to set up tracking for it; and C: We're not doing anything nefarious with it, challenging Nintendo's intellectual property, committing piracy, or using it to upload illegal content. As a reminder, Nintendo does not own the copyright on the courses uploaded to its servers. The creators do. By using SMM2, they grant Nintendo a non-exclusive license to use their courses in the game. Non-exclusive