@keks I don't think this is an issue with the currently implemented plugins, mostly they don't call each other, and i'm fairly sure that the only plugins that communicate across the network are ooo, ebt, ssb-viewer and ssb-irc (hadn't though of ssb-irc till just now, which is why I plan to go through and review) viewer and irc arn't really that dangerous since they run from pubs and so if as long as the pub isn't a recipient of a private message then it's okay.

My immediate goal is just to make the current system work better and be easy to check that plugins are safe.

There are some interesting research I've heard vaguely about, where they like, trace the execution of a process, and can tell if it's possible for a private data to be in an output. (basically, they trace the causality flowing out of private data, if something is caused by private data, don't allow that to leak)... maybe if we can attract people researching this sort of stuff to ssb?