Viace

Hm, I can see why IPS made this change but to be honest, asking clients to seek custom app/plugin development is going to be a lot more expensive than finding an app on a marketplace that many customers will be able to purchase. I guess it will make me a lot more hesitant to spend my money on third party apps.

The problem is, without the current IPS scan/approval process of apps/plugins, any new development is a risk.  We also don't know how many iterations of scan/approval a given version of a given app had to go through to get final IPS approval, nor what those rulesets/barriers were for good practice per IPS standards.  We just know the end product from the Marketplace dev.  Now clients are subject to the intermediate iterations and any issues they expose.  This is particularly concerning when we get into PII and any level of security risk to our sites (which we had a confidence level IPS was protecting us from with their scan/approval process).

Right, so this bodes well for well known and established devs as they have already created a foundational trust model with clients.  For new devs, that's a barrier they'd have to create over time.  Meanwhile, clients either have no way to validate new devs work like IPS previously did to guarantee the safety of the app/plugin.
I think this greatly elevates the risk for clients and subsequently harms the potential for developers to grow the product.  Hobbyist sites will suffer the most as they simply don't have the resources to invest in robust security evaluation.
Perhaps another opportunity for a dev to provide some level of AppSec and InfoSec scanning of applications to lower the risk.  

Thanks
The author quickly fixed the problem.