Comment by embedding-shape
2 days ago
Does that help in this case though? I think the worry is that a rogue Obsidian plugin does bad stuff with your Obsidian vault, not just do stuff to the rest of the computer. But that vault/those notes live in the same sandbox as the (rogue) 3rd party plugin, which doesn't help with that, they really need to be isolated away from the notes themselves.
Anything that reduces the blast radius helps. There should still be a focus on further hardening. Most value comes from exploits that enable pivots. Attackers will focus on other vectors that enable broader pivots because immediate high value notes only exist for a limited set of users.
In this case, no, not really because the plugin is running within the same sandbox. I was addressing the more general point in the grandparent post.