No permissions system, nothing resolved. Plugins still have access to everything - full disk, network, etc. How does one even speak of security vulnerabilities when the security model of Obsidian plugins is just straight up "click here for RCE".

All I see is a spanking new interface that will accelerate the pace of plugin turnover, bringing forward the next inevitable security incident.