Yeah, this is why I like Anaminus’s idea of allowing plugins to interface with the windowing system. Sure, there could be some trust issues, but plugins can already wreck your place if you’re not careful. Installing plugins just requires extra discretion.
Perhaps it could be a flag on the plugin asset while installing, warning the user that it can modify how Studio looks and to make sure they trust the originator. But that’s asking for web dev work. 
The idea is on the Trello board, so I wouldn’t imagine security is the reason it hasn’t been implemented yet (I assume the primary reason is that it’s a XXL update which will require a lot of time and resources). The most they’d be able to do is cover up the viewport/other panes or crash studio anyway, and neither of those seem like issues. You can already steal their viewport by continually reparenting a {1,0,1,0} button to the CoreGui (covering the other panes as well doesn’t make that big of a difference since the user can still exit studio), and crashing studio can already be done with a while true do loop.
The TODO list idea was added to the Trello board as well: