18 Apr 2016

The WordPress Plugin Directory Probably Shouldn’t Include Plugins That are Described as Being Insecure

When it comes to highlighting the poor state of security with plugins on the WordPress Plugin Directory, there are a lot of things we could point to, like the fact that we recently spotted a really easy-to-find vulnerability in one of the hundred most popular plugins, or something like what we ran across the other day. We happened upon the Plugin Directory page for the http:BL WordPress Plugin while looking into something unrelated to the security of WordPress plugins. On the description page we noticed this message:

This plugin is in the process of being refreshed. Compatibility with current versions of WordPress is unknown. Versions prior to 2.0 should be used only with extreme caution. There are known security issues and vulnerabilities. [Read more]