That's true, a lot do write to the database. But most of the best, highly developed, plugins will write to the database... so you would be missing a lot by only using this criteria.
However, very few plugins are malicious (as far as I've seen). It is true that some can cause issues with your theme, installation, or database. That's why it's always important to backup before "trying" a new plugin.
Here are a few considerations when looking at new plugins:
1. What is it's rating?
2. How many downloads does it have?
3. How many say it works vs broken?
4. Is there a support forum or area for help with the plugin?
5. Is the plugin author responsive (like we are doing here)?
If you would like me to take a closer look at your installation, let me know and I'll provide you with a way to contact me securely with your login info.