Sorry for any confusion, and thank you for pointing out how it came across to you. The plugin remains in the directory because many sites still have it in use, and would like to keep it in place if it works for them.
But there are other plugins available that are more suitable for anyone starting a new project. I wouldn’t normally recommend using Google Doc Embedder if you’re not already using it! I hope that explains why we added the note that the ultimate plan is to retire the plugin.
The original author asked me to maintain the plugin in ‘housekeeping mode’, e.g. to respond to any security reports, which I have done, but have not been in a position to provide detailed support or updates.
I understand your concern that some plugins have been adopted by people who want to inject malicious code into your sites, but certainly wordfence and wordpress.org have been great at monitoring for that. All source code is publicly available so it is ultimately always possible to confirm any concerns about any wordpress.org plugins.
In particular, please remember that such scammers will normally have the objective of getting the plugin installed on as many sites as possible. In this case, we are actually discouraging fresh installs, which would be an unusual approach for a malicious plugin!
Thanks again for letting us know your concerns, and best of luck with the rest of your site.
Regards,
Dan