Concept
In essence it revolves around having a core application that is extendable without updating the core. This creates a neat separation of concerns and also allows for additions and/or modifications that will not affect the domain-specific details that are outside of the plugins.
Usually in plugin architecture one tends to talk about a host application and plugins, but I much prefer using the term core system or kernel, as for me, what uses plugins can be a library that is in turn included inside a host application, where plugins are used without the host application really knowing.
Security
Since plugins are essentially a form of executing code that isn't initially a part of the core application, it's vital to ensure that the source for plugins is trustworthy.
Only allow loading of plugins that you have vetted through a rigorous process, and in the best of worlds they can be signed and validated using certificates.
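One way to gate plugin loading on a signature check, as an added example that is not code from the original page or from any particular plugin framework. The class name `PluginGate`, the method `admit` and the sample data are assumptions for illustration; a raw public key is used to stay self-contained, where a certificate-based setup would take the key from a validated certificate (`X509Certificate.getPublicKey()`).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PluginGate {
    private static final String ALGORITHM = "SHA256withECDSA";
    private final PublicKey trustedKey; // public key of whoever vets plugins (assumption)

    PluginGate(PublicKey trustedKey) {
        this.trustedKey = trustedKey;
    }

    /** Returns the verified bytes; load the plugin from these, not from a re-read of the file. */
    byte[] admit(String name, byte[] pluginBytes, byte[] signature) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(trustedKey);
        verifier.update(pluginBytes);
        boolean valid;
        try {
            valid = verifier.verify(signature);
        } catch (SignatureException e) {
            valid = false; // malformed signature encoding is a rejection, not a crash
        }
        if (!valid) {
            throw new SecurityException("plugin rejected, signature invalid: " + name);
        }
        return pluginBytes;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: the key pair stands in for the vetting process's signing key.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
        generator.initialize(256);
        KeyPair vettingKey = generator.generateKeyPair();
        byte[] plugin = "constructed plugin bytes".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(vettingKey.getPrivate());
        signer.update(plugin);
        byte[] signature = signer.sign();

        PluginGate gate = new PluginGate(vettingKey.getPublic());
        gate.admit("vetted-plugin", plugin, signature);
        System.out.println("vetted-plugin admitted");

        byte[] tampered = plugin.clone();
        tampered[0] ^= 1; // a single flipped bit after signing
        try {
            gate.admit("tampered-plugin", tampered, signature);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

In a real deployment only the public key (or the certificate chain) ships with the core system; the private key stays with the vetting process and never reaches the machine that loads plugins.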
Interfaces
It's paramount to ensure that the different components of a plugin architecture are clearly defined through interfaces, otherwise there is no way for a core system to know how to handle the different components.
Interfaces should have little to no dependencies and are usually best defined and kept in a project or module that is separate from both the plugin implementations and the core system.
Java
A commonly used project in the Java community to add plugin support.