My question applies to MEF and more generally to plugins.
In silverlight apps, MEF makes it very easy to write a host app that can accept some plugins registered dynamically.
This is all great, but how do you handle malicious plugins ?
For example, imagine that someone writes a plugin that listens to the key strokes entered by the user and manages to get password of users sent to its own server !
Is there any guidance on that ?