There probably is some solution to this, whether it involves code running on just the wordpress installation or a combination of a wordpress installation and a master server I am not sure yet, but please remember not to have tunnel vision and consider any and all possible solutions:
The scenario is this: A WordPress plugin (plugin-A) that manages some sort of valuable data (something that the admin would not want stolen), lets say, lead data with user’s name and email addresses, the plugin uses its own db tables.
Other than the obvious (which is the admin installing plugin-B, not knowing its malicious intent), what is to prevent another WordPress plugin (plugin-B) from accessing plugin-A data or hacking plugin-A files to circumvent security.
Trouble is, you’ll be trying to protect the system from something that is running within it – the very nature of a WordPress plugin is that it has;
If the data you’re working with is that sensitive, or you simply don’t want to run the risk, don’t allow plugins (at least not without checking the source code first).