Well, this is VERY big point.
I (and I'm sure not only I) want for as much people as possible could run code that I developed, in browser, via plugin, if possible, without installation of plugin.
Unity Web Player is safe in this regard. Anything it downloads IS safe (after all, C++ plugins are disabled for that).
InstantAction plugin(not sure about T3D,there still no beta to check) basically give way to run ANY executable (it does not matter if said executable must be made with GG SDK). So it's only matter of time when some malware will be distributing this way. And after that - no way any user how know about about will install such plugin(or even worse, AVs will start detecting plugin itself).
Code signing is not fully solution for this. Suppose I'm indie, who bought T3D for 505US$(there is a way to get such price right now). Now that information GG has on me to sign my code?Credit card details? -
"Per game" plugins are not solution to this problem. First, it's (again) asking user to install that plugin and multiple plugins could play not so nice with each other even by accident. So Unity has BIG advantage here.