Verified Trade Feature/Badge

Yeah, that’s probably debatable depending on the project and context, but (the context is a Discourse plugin, duh) I agree that nobody without programming skills should use AI to output something, then share it with the public and let people use it. That’s a recipe for disaster.

And I was probably over-enthusiastic when I wrote the part you quoted :smile:

I’ve created a couple of projects I shared on the official forum, but not released as proper plugins, with the warning that they are not to be considered production-ready and that nobody should install them if not able to review the code. That they are drafts or proof of concept.

Discourse provides guidelines for AIs specifically aimed at Discourse development, and AIs have access to the codebase. If you’re cautious AND you review the code, I think the risks are limited, especially for simple plugins.

In the case of the 🖼️ [Experimental] Topic Galleries plugin, I’m taking my time to learn and review the code more thoroughly. But from what I’ve already seen (before installing it!), security is OK. Safeguards are in place through built-in Discourse security features. :slight_smile: I specifically requested some, and it did others by itself.

I have a good example of a security failure, from when I was trying to build a project (not the gallery plugin!) with Gemini by copy-pasting, with Gemini not having access to specialized guidelines and the codebase.
The plugin was meant to display the list of users’ uploads for admins for moderation purposes.

But without asking for any security feature, the code it provided actually leaked the uploads to anyone, not only admins. Even visitors had access to all the site’s uploads.
