Sheesh, open all the things, or stop selling your product as 'open source'
Trezor *is* open source and you don't need the Plugin for it (e.g. Electrum). Anyway, Bridge (replacement for Plugin) is already open sourced.
Are our BTCs in danger if the plugin is not open sourced? I am not too technical, but I guess that we could lose our BTCs (if the Trezor team would decide to scam, not that they will, but speaking hypothetically) only while signing transactions if the plugin was to be malicious (by changing addresses etc.). Since Trezor signs transactions locally I see this as the only possible scenario, am I right?