It could be good to have an option to disable plugin upload, maybe it could be even disabled by default (to be decided). Most users likely will never need it so good to make UI simpler etc. We would also need to update some FAQs.
It can be already disabled via
enable_plugins_admin but it would be great to have separate option for it as often users still want to use plugins admin but not the upload.
FYI: Only logged in super users can upload plugins, nothing will change there.
It could be good to have an option to disable plugin upload, maybe it could be even disabled by default (to be decided).
Will be good to decide on this soon. Administrators of a Piwik server would likely not expect Super Users to be able to execute code on servers. I think it would make a lot of sense to prevent RCE (remote code execution) by default for Super users, as it would be consistent with our high security standards and overall practises.