Stop Allowing deleting things from PyPI?

The “critical” flag is only visible to project owners. There is no indication of it on a project’s page or on your public account page. You can easily verify this: log out of PyPI and check your projects’ and user pages.

A malicious entity can get stats by other means. PyPI provides a BigQuery API. Sites like https://pypistats.org/ use the data from the BigQuery API to provide stats.

That reminded me that my PyPI ticket Document PyPI security policy in FAQ and security page · Issue #7970 · pypi/warehouse · GitHub is still open. In my opinion, PyPI should make it more obvious that it is neither the responsibility of package uploaders nor of PyPI to guarantee that software on PyPI a) works, and b) is secure.