When you use a PLG, you are entrusting a third-party server with the file you are downloading. While reputable generators simply proxy the data, malicious actors could theoretically inject malware into the file stream or log user IP addresses and downloading habits.