In mho it is important - at least very interesting - to know beforehand wether a plugin depends or links to external sites or content.
"External" would mean any other source than the WP-site on which the plugin is installed.
By Policy any built-in external dependency of a plugin should be stated clearly (listed by class and file) on the plugin's homepage on the wordpress.org site.
I propose 2 classes of external dependencies:
1.) ACTIVE EXTERNAL DEPENDENCIES: a plugin uses features or services from external sources automatically. e.g. the purpose of the plugin relies on external functionality - therefore the plugin triggers external stuff actively by itself.
2.) PASSIVE EXTERNAL DEPENDENCIES
The plugin remains passive. A human user must trigger external access.
Example: link to author homepage.
While searching the Extend/plugins it should be possible to select/deselect plugins with active external dependencies.
BACKGROUND of the idea:
Suddenly on my blog drafts were accessed from one particular IP - or that IP at least tried to access my drafts. It exactly new the of the existence of a new draft. That made me think.
It took a lot of time to identify the plugin that revealed the draft's existence to somewhere outside.
1. Even though we live in an interconnected world, there may be purposes of sites where privacy is of great concern.
2. There are so many great plugins that testing them serioulsy takes a HUGE amount of time.
Then the description of the plugin's are many times not explicit wether they are an extension to some other service.
For themes TAC(Theme Authenticity Checker) http://wordpress.org/extend/plugins/tac/ does help a lot.
The policy would improve the transparency a lot.