This is a question of trust, and I would argue that it is more of a social than a technological problem. Sure, there are technical solutions (like only giving access to a limited scripting language, trying to sandbox the plugin, etc.) but these can often be broken or abused.
Taking a look at how an operating system deals with programs might be helpful here, because in a sense a program is a plugin to the operating system.
The traditional desktop OS lets the user decide what programs to trust and run them at their own risk. The user has to make up her own mind if she trusts the publisher of a specific program.
This has worked OK for the experienced user, but if you take a look at the number of browser toolbars on your parents' computer I am sure you will agree it has been far from perfect. The internet is littered with trojans that make easy targets out of inexperienced users (and sometimes the experienced as well).
The rise of smartphones and tablets gave developers a clean slate to work on, and they opted for a new system. Instead of letting users decide what publisher they trust, the OS vendors run official stores that all apps must be downloaded from. To be available there, an app must pass security review, and the vendors can punish publishers who try to spread malware by removing their products.
In this scenario users do not need to trust individual publishers. They only need to trust that the vendors do a good job in their reviews. Unfortunately, this system has proven to be less than watertight as well, since software in the grey zone as well as outright malware still manages to sneak past review.
So I think these are the two main options:
- Let users decide what plugins they trust, and suffer the consequences if they misplace their trust.
- Have an official store where all plugins must pass review, and let users trust that process. If that trust is misplaced, both you and they will suffer the consequences.