Just a heads-up… I realized today that the Escher plugin can be used by ANY logged in user (even an otherwise-restricted Researcher) to upload plugins, since there’s an Escher button in the sidebar.
Of course, only Super Users can access the plugins interface to actually install or configure plugins.
While it probably isn’t really a functional issue, it could lead to a lot of messiness if a user without site editing permissions decided to experiment and upload random plugins! Deactivating Escher removes the button from the sidebar and solves that problem, but of course it must be reactivated before the next use.
NOTE: Guest User logins only allow front end access, so this is not an issue in that situation.
Just a note that Escher is not a plugin listed in our plugin directory. Nonetheless, registering a plugin does not mean that the Omeka team checks that plugin for functionality or security. The Omeka Team is only responsible for the security and stability of the plugins that we design and develop.