The plugin security hole nobody talks about.

~ 1 min read · Mark Zammit

In the SaaS world, we don’t talk enough about the dark side of plugins.

Don’t get me wrong, plugins are powerful. For a small business trying to get up and running, they are virtually critical. But there is a massive catch that most people don’t realize until it’s too late.

For a plugin to work on a platform like Shopify, it often has to take a copy of your data, send it somewhere else, transform it and then send it back. Because these platforms don’t always give developers server-side control, those plugins are left with only one real tool: client-side JavaScript.

The issue with client-side JavaScript is that it’s public. Anyone can right-click on your store, hit “inspect,” and see your code. If a plugin is making API connections to an external server, those credentials and data flows can be exposed.

This is a huge exposure. It’s why we are seeing so many data breaches lately: they aren’t usually coming from the core platform, but from a third-party plugin that the merchant didn’t even realize was copying their data to an unmonitored server.
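
The client-side exposure described above can be checked from the merchant's side. The following added example, which is not code from the original post or from any plugin vendor, audits a plugin's browser script for the external hosts it references and for credential-like literals; the function name, the regex rules and the sample script are assumptions constructed for illustration.

```javascript
// Added example: audit the JavaScript a storefront plugin ships to browsers.
// The rules below are illustrative assumptions, not a complete secret-detection set.
const CREDENTIAL_RULES = [
  { name: "bearer-token", re: /Bearer\s+[A-Za-z0-9._~+\/-]{16,}/g },
  { name: "basic-auth-url", re: /https?:\/\/[^\s"'`\/:@]+:[^\s"'`\/@]+@/g },
  { name: "key-assignment",
    re: /(?:api[_-]?key|secret|token|password)["']?\s*[:=]\s*["'`][^"'`\s]{12,}["'`]/gi },
];
const URL_RE = /https?:\/\/[^\s"'`<>)]+/g;

// Returns the third-party hosts the script references and the lines holding
// credential-like literals. Matched values are never returned, only rule and line.
function auditPluginScript(source, storeHost) {
  const externalHosts = new Set();
  for (const raw of source.match(URL_RE) || []) {
    let host;
    try { host = new URL(raw).hostname; } catch { continue; }
    const firstParty = host === storeHost || host.endsWith("." + storeHost);
    if (!firstParty) externalHosts.add(host);
  }
  const findings = [];
  for (const { name, re } of CREDENTIAL_RULES) {
    for (const m of source.matchAll(re)) {
      findings.push({ rule: name, line: source.slice(0, m.index).split("\n").length });
    }
  }
  findings.sort((a, b) => a.line - b.line);
  return { externalHosts: [...externalHosts].sort(), findings };
}

// Constructed sample of a plugin script; hosts and key are placeholders.
const SAMPLE_PLUGIN = `
const API_KEY = "sk_example_0123456789abcdef";
function syncCart(cart) {
  return fetch("https://api.plugin-vendor.example/v1/carts", {
    method: "POST",
    headers: { Authorization: "Bearer " + API_KEY },
    body: JSON.stringify(cart),
  });
}
fetch("https://shop.example/cart.js");
`;

console.log(JSON.stringify(auditPluginScript(SAMPLE_PLUGIN, "shop.example"), null, 2));
```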

StoreConnect opens up server control so you can store and manage your data directly on the Salesforce platform, protected by enterprise-grade security.

You aren’t relying on a “janky hack” to move data around. You can make API requests server-side, where they are hidden and secure, and you maintain total ownership of your technology and your customers’ privacy.

It’s incredible that this hasn’t been picked up as a major weakness for the other players in the market. They are built on an ecosystem that is fundamentally flawed.

In 2026, first-party data ownership isn’t just a “nice to have”; it’s the only way to protect your business.


Don’t let a third-party plugin compromise your data. Learn more about our first-party security model.

Mark Zammit · March 17, 2026
