I am the author of the plugin.
To make it short: not trusting by default is GOOD.
I can tell you to trust me... how would that help
A few things:
- I don´t use or even need the password (you can check the source, as mentioned, when you get a plugin you get all the source, look for ANY API call requiring the password, you will find none)
- There is a single location where payment is requested: the 'show your support' button. If you click it, it opens the window to make a payment but you would still have to confirm with your password. If you dont give it... the payment cannot go thru.
- if the plugin would need/use your password, it would ask you for it... if it does not, you can feel on the safe side.
- since the plugin does not need the password, you could even connect using ANY account, no password will ever be asked
- if you still have a doubt, PLEASE test the plugin on the testnet, this is good practice anyway.
I think the only way for plugin to be trusted is to rate them. If you use and/or reviewed the plugin, you could mention it here.
You can also check nxtplugins.com where users can leave reviews.
I hope that answers your questions.