I'll clarify: I'm coming from the perspective of a user now. All these Addons/Workbenches with lots of code and functions and the ability to use Python or git to download things from the web or start local servers (*cough*backdoors*cough*) etc... how do I know that I'm not compromising my box when I install these things?
There are all sorts of stories of attempts to compromise services like npm, and even audacious attempts at the Linux kernel.
As FC becomes more and more popular (we're seeing this as moderators where users are joining at an exponential rate daily!), we're going to need to think about how to seriously vet this 3rd-party code or make distinctions between levels of vetting.
This has been on my mind, and I apologize if this takes the conversation off topic, but just wanted to insert a nagging anxiety that I've been feeling for a while now (especially helping @yorik with the Addons repo).