You can get infected even when activating Windows from illegal KMS servers on CMD. You don't know who manages it. But if you run a company and needs to activate a lot of workstations, you can setup your own safe KMS server to activate the machines.
Conclusion: it's better to leave Windows not activated if you're going to use these methods (in illegal ways) that breaks security. But if you have a company and your own KMS server, it's safe.