Security of the plugins

I get that. In fact I don’t really take issue with your contributions here… it’s more @PietArt’s commentary that simply restated what we have already discussed at length in this thread.

Nonetheless, this is an important conversation. Anyone working with Obsidian’s community plugins should be aware of the possible risks. Moreover, we should be finding ways to mitigate them.

The recent conversations in this thread made me think that there could be some kind of “verified”-type program for highly popular plugins where a group of developers and users vouch for the integrity of plugins in the program. I wonder what that could look like? It would still not provide a guarantee but could increase users’ confidence and trust of a subset of plugins.

I just really wanna get past people saying “this is important!!!” and get to “here are some ideas for how to make this situation better” (where those ideas are anchored in the realities of the situation, e.g., we can’t just review every plugin completely.)
