Realistically, I think there are only two options to protect users from abuse from this kind of addon:
- Add a warning label to any addons that contain executables or link to them.
- Disallow addons that contain executables or link to them.
I'm skeptical of the following options:
- Disallow addons that contain executables, but allow links to a separately hosted download. The exe still ends up running on people's systems, regardless.
- Allowing bundled interpreted language third-party programs (e.g. javascript, php, etc). Few users will bother, meaning few authors will choose to distribute code this way. They will just host an exe off-site instead.