I use to use WordPress that heavily relies upon third party plugins. Plugins are a big issue with WordPress security because you have hundreds of authors who have various degrees of skill and trustworthiness. Plus, you then have the platform provider and hope they too know what they’re doing security-wise.
I’m glad that your plug-in exists. Otherwise, I’d have no way of displaying my last Mastodon post which is our status. I have a few things I’d like to configure, but I’m happy with it.
However, I moved from WordPress to SquareSpace because one company, SquareSpace, is responsible for the entire platform, the functioning of the webpage, and its security. if there is any issues, the Finger ‘o Blame has but one company to point to.
I’m not a security expert, so I can’t say whether there is a security issue with your plug-in. It’s probably fine. But now, if there’s a problem with my webpage or security issues, there is now a second company involved. That makes me nervous. I’m a volunteer who is running a whole bunch of webpages for various organizations. To me, it is worth the cost of using SquareSpace.
With Twitter crashing and burning, it’s time for SquareSpace to create a replacement for the Twitter plug-in.
* I would like a Mastodon Plug-in that would allow me a bit of configuration. The Twitter plug-in allows me to say how many updates I want to display. I could use that.
* An alternative is to use a plug-in that allows me to display an outside RSS feed. That’s more flexible because so many tools create an RSS feed. Again, I want to control how many items I’d like to display like I could for Twitter.