The Linux binaries nordvpn and nordvpnd don't have PIE/ASLR enabled. A such feature is used to harden programs against the exploitation of memory corruption bugs and should be enabled.
The use of ASLR has long been debated among the Golang community. However, it seems that it's becoming the default choice now.
https://hackerone.com/reports/817244