> Currently, if a plugin author chooses to self-host his plugin and not > list it in the directory, a malicious individual could e-mail Matt and > ask for an entry in the plugin directory with the same slug. Then, the > malicious individual could release an 'update' to the plugin that could > 0wn the blog. oh my... fantastic idea >:]