Is it possible that plugins contain malicious code? I know that TAC (http://wordpress.org/extend/plugins/tac/) checks for malicious code in your wp themes, but how about plugins? If so, what would be the worst that could happen? Is there a way how you can check a plugin for malicious php script? Or is there a plugin that does this for you? (just like TAC) Thanks.