If you're dealing with plugins from an unknown source, it's a
good design to separate plugins and such as entirely separate
processes. Then, when one goes down, it cannot bring down
anyone else, since there is no shared address space.
They can communicate with the OS-supplied interprocess
communications API.
Yes I think this is a good idea in general but the process/IPC
overhead can be substantial if you have a lot of (small) plugins.
I think Google chrome uses this trick (among others) to good
effect in providing fault tolerance (
http://www.geekosystem.com/google-chrome-hacking-prize/ ).
