Question about risk and 3rd-party plugins, KDE Store from a user perspective

As an enthusiast (long-time) user, I have questions about the use of plugins from the KDE Store. I usually avoid using too many 3rd-party components, but in the case of Plasma configuration I use some (the temptation to customize KDE/Plasma is high). I am neither a dev nor a sysadmin (apart from my own little environment) and I have difficulty evaluating the risk of those plugins, but after the Global theme wipe-out it seems necessary.
I encounter 2 caveats:

  • there are warnings for the risk that come from the different plugins, but it is not clear how the risks differ for each type. For example, the Global themes are more sensitive, but is it the same for other components? Plasma styles and Icons have a simpler warning, so I suppose them to be safer, right? I don’t really use Global themes, but I have installed Splash screens (Kuro, Infinity-plasma-splash-6, Vivid, Qogir), are they sensitive? And SDDM themes? They are not important enough for me to take a risk, but I would like to have a better idea of what the different potential risks are.
  • the other problem is regarding the KDE Store, in my case regarding custom widgets. I haven’t added many, but I wanted to have a different Menu/App launcher. Originally I used the included fullscreen Applications Dashboard (I like its layout with keyboard and touchscreen), but it is going to be dropped as it seems difficult to maintain; besides, the search field is incompatible with the virtual maliit-keyboard.
    So I searched for a replacement and encountered some on the KDE Store, in particular the Launchpad for plasma6 and Ditto Menu, but the code on GitHub is not in sync with what is provided by the KDE Store. The code on GitHub is outdated (by almost 1 yr compared to the KDE Store file). I can download the file from the KDE Store and look directly at the code, but I don’t have the capacity to really verify it.
    Usually, to evaluate a program I look on GitHub/GitLab etc. and check if there are multiple contributors, issues, the last commit etc., but here it’s not possible. I understand that the KDE Store is not managed by KDE and that here it is the responsibility of the author of the plugin to have a coherent git/store, but it is a little worrisome to see that, and I wonder how to consider it and if it could be improved.

Sorry for the long post. I have difficulty writing a concise one in English, which is not my main language.