A couple of days ago we wrote about a critical security vulnerability that was found in the popular WordPress Slider Revolution plugin and silently patched by its author. Envato Market has since launched a further investigation into the matter, as the product is not only hosted on their marketplace but also packaged with many other products.
"This vulnerability highlights the danger of allowing theme authors to bundle plugins in their products. Envato Market would have no need to list out 1,000+ potentially affected themes if it discouraged, or even forbade, theme authors from bundling plugins." (WP Tavern)
Whatever justification Envato authors previously used for bundling functionality into themes, they now have 1000 reasons not to.
Bundling plugins might appear appealing to authors at first, and they may even get enough sales that it seems to justify the action, but this is not a long-term strategy, neither for an author who has to maintain this code nor for a customer who is left with a jumbled mess that leaves them unable to switch themes. Not to mention the impact on site performance.
I know firsthand that Stephen Cronin and the team at Envato are pushing heavily to increase coding standards for their themes. Sadly, a lot of the pushback has come from authors who would rather keep the status quo than provide a higher quality product for their customers.