One thing that I think would be a huge boon that I didn't see mentioned in the article is permissions.

Basically a plugin would need to request and receive permission to use APIs from the user. Wanna write to disk? Ask the user for disk permissions(preferably limited to certain paths). Wanna phone home? User has to approve that permission upon install(or first usage or whatever)

Kinda like how Android manages permissions (maybe iOS too?I dunno I don't use it)

That's probably a bit of work, but it would make me feel a lot safer about plugins if you could make it happen!

Edit: wait I just realised that the "disclosure" part might actually be this, and I just got confused by the terminology used? I don't think it's entirely clear from the text if a plugin could technically use capabilities without disclosing them? Hopefully they can't, and then that's good enough, I think.