8. The plugin may not send executable code via third-party systems.
Externally loading code from documented services is permitted, however all communication must be made as securely as possible. Executing outside code within a plugin when not acting as a service is not allowed, for example:
- Serving updates or otherwise installing plugins, themes, or add-ons from servers other than WordPress.org’s
- Installing premium versions of the same plugin
- Using iframes to connect admin pages; APIs should be used to minimize security risks