![](https://programming.dev/pictrs/image/f4d95a4b-35fc-467d-a88c-d089387dbf0c.png)
![](https://lemmy.ml/pictrs/image/q98XK4sKtw.png)
Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.
There are non-UI applications with similar problems though.
Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
That's not utf8 either...