HAproxy is good at what it does but it’s only good at proxying and simple rules.
It's possible to write very complex rules/ACLs with HAproxy... stick-tables, ACLs with regexes on whatever HTTP header, source or destination ACLs, map files, geoblocking, lua scripting, load-balancing from round-robin to host header load balancing, dynamic backend servers provisionning through DNS... Not that you can't do it with Nginx (it started as a reverse-proxy before becoming a jack of all trades), nor that nginx isn't a great tool (it is!), but HAProxy can do very complex things too. It also follows the good ol' UNIX philosophy of "one program to do one thing and do it well" and thus doesn't try to be a webserver, hence why you need a webserver behind it to serve anything from static files to PHP/Python/whatever.
I must admit that my evil self impatiently waits for a crowdstrike-like event, but with a kernel-level anti-cheat instead. On the more serious side, it baffles me how much the vast majority of people don't care about privacy or security problematics. They literally don't give a f**k.