by usrusr
1242 days ago
Unsafe defaults like "we run all plugins, unless someone goes through all the right motions of closing that door in all the right ...config.xml, ...config.enforced.xml" (and who knows what others) are just terrible. Terrible for any software, and worse for a piece of software that has no purpose at all besides security. What if there's a typo in your lockdown incantations? Not locked down. That CVE isn't just a disagreement, it's a warning. Avoid security-related software from people who enjoy keeping a security edge over the unwashed masses who aren't in the know, who don't get a kick out of locking down. Because that's why they keep the unsafe defaults, they keep them because they enjoy going the extra mile for their own safety. That is, unless they (also) have worse reasons for keeping unsafe defaults, but, well, Hanlon to the rescue.