In response to post #41222915. It's an issue because some mods contain executables, and those that do not can be modified to add executables. An account with a popular mod downloaded by many people can be extremely valuable to a botnet owner: They download the mod, insert some malware, upload the trojaned mod to the account they have chosen to hijack, and sit back while a couple hundred unsuspecting people download and install their malware. This particular method of distributing malware is amenable to distributing one-off custom malware as well, meaning that no virus scanners will spot it because none of them will have seen it yet. If you're an old hand with VMware and wireshark and whatnot, you probably defend against this sort of thing out of habit all the time because you expect unauthorized outbound packets to start trying to get out of your machine at any moment, but if you're just a regular mod-using Joe that didn't consider the above nefarious use of a hijacked account of a popular mod maker, a way to defend against it is to check the last updated date on a mod - if a mod is a couple weeks old and has been download by a thousand people, you're probably good. If it's a popular mod and a fresh upload just appeared without any apparent reason for having been uploaded, you might want to hold off for a little bit.
