Be more explicit about the signing status of fetched plugins and provide documentation about the different signing options.