Sheesh, open all the things, or stop selling your product as 'open source'
Trezor *is* open source and you don't need Plugin for it (e.g. Electrum). Anyway, Bridge (replacement for Plugin) is already open sourced.
Are our BTCs in danger if the plugin is not open sourced? I am not too technical, but I guess that we could lose our BTCs (if the Trezor team would decide to scam, not that they will but speaking hypothetically) only while signing transactions if the plugin was to be malicious (by changing addresses etc.). Since Trezor signs transactions locally I see this as the only possible scenario, am I right?
If Trezor hardware, bootloader and firmware are all honest, and you double check the output address on Trezor screen, the plugin cannot steal your coin by changing the address, because it will void your signature.
Technically speaking, the issue of the closed plugin is similar to Bits of Proof backend, because they both hinder you from running your own mytrezor instance.
However, it seems they are working hard to fix them now, but this requires some time.