Feature #1: Plugin privileges. Why not give the blog administrator(s) the ability to give a plugin permission to do certain things? So like, when I go to install a plugin, WordPress will then tell me what privileges the plugin will need right out of the box. If the plugin needs any additional privileges later, WordPress will ask me to grant those privileges.
Feature #2: Maybe plugins should have a file extension that does not end in .php*. That way, plugins aren't compiled directly by the PHP compiler. Instead, WordPress looks at the PHP code and runs it if neither the file nor any associated PHP files appear to be attempting to modify any files belonging to Wordpess.