Plugins are getting more risky to use. I never really thought about how many plugins I was trying out. I am easily amused and plugin shopping is a cheap hobby.
Just this month my web host contacted me (twice) about spam being sent from my sites. I wasn’t sending anything and I do have some security, keep everything updated and backed up (more or less). My web host said it was likely a plugin, code added to the plugin in order to spam. I don’t know the details but it did stop once I removed all the plugins I wasn’t really using. The host told me just deactivating them does not stop them from spamming. I hadn’t known that.
I do know that plugins posted to WordPress do not get checked over and tested the way themes do. They should. I don’t know why themes are treated differently than plugins. People may think a plugin they get from WordPress is safe, but there is no such thing. They are just as much a risk as something you download from any other site.
I trust JetPack, the worst it has are glitches and bugs which tend to get fixed. I trust Tom’s GP add-ons because they work with the GP theme and he is pretty accountable and active in supporting and maintaining his plugins as well as the theme. A few other plugins I have used for years and I can see the developers in the WordPress forums, active and not just a flash in the pan. But, I’m far more careful about the plugins I try now. I think you can have too many plugins and you have to be aware of what you have installed or downloaded. Every time you get a glitch chances are good it’s a plugin you recently installed.