The Linux binaries
nordvpnd don't have PIE/ASLR enabled. A such feature is used to harden programs against the exploitation of memory corruption bugs and should be enabled.
The use of ASLR has long been debated among the Golang community. However, it seems that it's becoming the default choice now.
$ rabin2 -I /usr/bin/nordvpn | grep pic
$ rabin2 -I /usr/sbin/nordvpnd | grep pic
Any memory corruption bug (e.g. buffer overflow) can easily lead to a working exploit when ASLR is not enabled.