Are you:
a) Reviewing the plugin?
or
b) Reviewing the fact that the WordPress.org team actually accepted and approved the plugin and made it available in the repository?
Please understand that what you did was actually the irresponsible action.
I reviewed the plugin – what else?
And why is it “irresponsible” to rate a plugin low if it increases the risk of getting hacked because people may add poorly written PHP code to their posts or pages or even attackers may hack a site because they manage to add a post with their own code as part of it?
That the WordPress.org team allows such plugins in their repository – well – that’s another story and nothing to be discussed here.
This is so wrong…
Let’s all go to the biggest shop doors and forbid them to sell knives.
You know? Knives kill people… Oh wait, people kill people… With knives…
So whose fault is it? Is it the knife maker, the seller or the one who actually kills someone?
To make it a bit short: The plugin directory is supposed to let people get here and have a right to choose, right?
One should suppose that people who run self-hosted WordPress websites should know what they are doing.
Oh no… You see, I need this plugin, but you don’t want it to be available, so I must not have the right to have it available, because you don’t want to.
People here need to become a bit more neutral.
If you don’t want to use the plugin, don’t.
I would agree with you if a “WARNING” sign (and description) should be added on the plugin’s main page, but a bad rating ‘just because’, I feel it’s just not right.
If anyone needs to be able to run PHP code as part of WordPress posts or pages he should add one or more custom shortcodes, this is really not that hard:
https://codex.wordpress.org/Shortcode_API
Allowing PHP code without any restriction as part of posts and pages means there is no security at all! Any user of the respective WordPress site can add any code – even those who are only allowed to write posts and nothing else. InsertPHP just does a plain eval() of the shortcode content without any security check at all!
And that’s my reason for giving a bad rating – because offering something which makes literally any security check in WordPress obsolete is nothing I can rate as “very good”.
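A custom shortcode of the kind suggested in the post above, as an added example that is not part of the original thread or of any plugin discussed in it. The PHP lives in a plugin file controlled by the site administrator, and a post author can only pass attributes, which are validated before use. The shortcode name `recent_titles` and the function name are hypothetical.

```php
<?php
/**
 * Added example: hypothetical shortcode [recent_titles count="5" category="news"].
 * Place in a small plugin file or the theme's functions.php.
 */

function example_recent_titles_shortcode( $atts ) {
    // Only these attributes are accepted; anything else is dropped.
    $atts = shortcode_atts(
        array(
            'count'    => 5,
            'category' => '',
        ),
        $atts,
        'recent_titles'
    );

    // Treat attribute values as untrusted input from the post author.
    $count    = min( 20, max( 1, absint( $atts['count'] ) ) );
    $category = sanitize_title( $atts['category'] );

    $query = array(
        'numberposts' => $count,
        'post_status' => 'publish',
    );
    if ( '' !== $category ) {
        $query['category_name'] = $category;
    }

    $items = '';
    foreach ( get_posts( $query ) as $post ) {
        // Escape everything that ends up in the page markup.
        $items .= sprintf(
            '<li><a href="%s">%s</a></li>',
            esc_url( get_permalink( $post ) ),
            esc_html( get_the_title( $post ) )
        );
    }

    // Shortcode callbacks return their markup; they do not echo it.
    return '<ul class="recent-titles">' . $items . '</ul>';
}
add_shortcode( 'recent_titles', 'example_recent_titles_shortcode' );
```

Nothing the post author types is executed as code here: the attribute values only select a bounded count and a category slug.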