^^ to Xinhaun, If I get them to load some other un releated addon, that modifies you addon at runtime, how would they know? unlike a standalone .exe running, all you code is running under a single runtime. and it it was injected in a popular addon over time it could be used to worm its way in. Assuming that doesnt happen, do you plan to be the flood gate for every possible addons loaded in this system? How would you plan to handle the request load? At some point you will simply not be able to handle the review process and bad thing will get in/ acts as a virus vector and masquerade as something it isnt. You get into a bg for instance and you get broadcawst by the raid leader *new uber npc tracker|goals|enemy target|whatever* that is signed and says its XXX but is really YYYY and infects them and the chain continues on.
I do think security would be a bigger issue than anyone would let on, your basically allowing someone to inject code at runtime. all you need is someone to crack a key and there ya go, insta-worm vector.