A clean security model with nothing to secure is an easy sell, but let’s see how this actually plays out when there are 10, 20, 100 plugins in their marketplace. The real test will come when complex platform-like extensions like Elementor, Yoast, and more are created. Will the capability model be able to handle them? This is unknown at this time.