I do think security would be a bigger issue than anyone would let on, your basically allowing someone to inject code at runtime. all you need is someone to crack a key and there ya go, insta-worm vector.
No, because the OP's idea doesn't _require_ the ability accept and run code from everyone on every addon channel without any confirmation from the user. It doesn't require the ability to accept and run code from *anyone* that you don't trust. In fact, I doubt it'd allow reception of code from anyone outside of your guild and/or party/raid, and I also doubt that it'd be implemented to be able to receive and execute code without asking the user first.
With that said, I'm sure some chinese gold farming account hacker will try to join random guilds and then blast code at people (disguised as something innocuous) that would cause them to send him all their gold next time they visit a mailbox.
I don't think the security concerns are valid as long as it isn't able to receive and run code from someone without asking the user first. Such a restriction would make it just as safe as downloading an addon from WOWUI (ok bad example, heh).
My problem is that I don't see a real use-case for it. I think inexperienced users would find it just as confusing and scary as using an updater.
I do think the settings sharing idea has merit though.