Apps built on the Plugins2 (P2) framework are JAR files you upload and host on the Atlassian Marketplace. These files are then downloaded by customers and installed in their Atlassian server instances, including Jira Server, Confluence Server, and other server-based products.
P2 security pros
Server instances tend to be hosted behind a firewall, therefore limiting access to the outside world.
Security-conscious customers can decompile your code to see what it does. They can also monitor the traffic going both to and from the host to see what connections your app makes.
Customers can decide when they want to upgrade to the latest versions of your apps.
P2 security cons
There is no permissions system in P2: your app has full access to the host as any software installed does.
If you find a vulnerability in your P2 app then you will need to release a new version and notify customers to update. Unlike cloud apps built on the Connect framework, updating P2 apps is not an automated process.
Not every customer hosts their server instance behind a firewall.
P2 app updates and importance of customer communications
On server instances, app updates are performed by the customer. When you release a version to fix vulnerabilities, it is important to notify your customers that the new version needs to be installed. If you decide to release details about the vulnerability, do so only after giving customers ample time to download and install the new version.