Only the most important one: Don't use anything that requires url_fopen
Whatever plugin it is, whatever function it performs, there'll be a much safer one out there. Give the guys here an idea of what the plugin does and someone will likely have a far more secure solution. There's quite a few blokes here who can take one look at a plugin and recode it directly in a reply on this board.
Maximum Cash Discount on any plan with MAXCASH