This discussion thread is quite informative and philosophical at times. I have a purely technical question: if I download a plugin but not enable it, is there any harm if the plugin has a (honest) security hole?
So I have about a dozen plugins that I might potentially use, but would like to enable them only when needed. Would the need-based-enabling minimize any security risk? In other words, is there any difference between “disabled” and “uninstalled”, or between “all plugins disabled” and “safe mode”?