Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.
The permissions involved are:
|tiki_p_plugin_approve||Can approve plugin execution|
|tiki_p_plugin_preview||Can execute unapproved plugin|
|tiki_p_plugin_viewdetail||Can view unapproved plugin details|
See Plugin Approval
Plugins can be enabled or disabled on a sitewide basis by an admin. So if you don't need it, turn it off.