When selecting a plugin, much the same security concerns apply as with custom code and code hacks. Evaluate the plugin using the same checklist found here: http://protectyourbusinessonline.com/security/custom-code-code-hacks/
There are many excellent, well-written free plugins available, but there are also some from very questionable sources.
Another consideration when choosing a plugin is vendor support and updates. Free plugins seldom have any support and are rarely updated. Going with a paid plugin from a professional plugin developer can ultimately save time and money if you need to make any modifications.
Changes in new versions of WordPress can stop a plugin from working. For this reason, when you review plugins in the WordPress library, each listing reports whether the plugin has been tested with the version of WordPress you are running. WordPress will also add a warning about plugins that have not been updated in a long period of time and may no longer be supported.
Always choose a plugin that has been tested with the version of WordPress you are running and that appears to be supported.
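The two checks above can be automated when reviewing a plugin before installation. The following is an added example, not code from WordPress or from this site: it reads the `Tested up to` field from a plugin's `readme.txt` header and compares it with the running WordPress version, then flags a stale last-update date. The function names, the sample readme, the major.minor comparison and the 365-day threshold are assumptions, and the last-updated date is supplied by the caller.

```python
import re
from datetime import date

# Constructed sample readme.txt header (not from a real plugin).
SAMPLE_README = """=== Example Gallery ===
Contributors: exampledev
Requires at least: 5.8
Tested up to: 6.2
Stable tag: 1.4.0
License: GPLv2 or later

A constructed plugin description.
"""

def parse_header(readme_text):
    """Return the 'Key: value' fields from the top of a plugin readme.txt."""
    fields = {}
    for line in readme_text.splitlines():
        line = line.strip()
        if not line and fields:      # blank line after the fields ends the header
            break
        m = re.match(r"^([A-Za-z ]+):\s*(.+)$", line)
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    return fields

def branch(version):
    """Reduce '6.4.2' to (6, 4) so versions compare on the release branch."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:2]]
    return tuple(nums + [0] * (2 - len(nums)))

def review_plugin(readme_text, running_wp, last_updated, today, max_age_days=365):
    """Return a list of findings; an empty list means both checks passed.

    max_age_days is an assumed threshold, not a WordPress-defined value.
    """
    findings = []
    tested = parse_header(readme_text).get("tested up to")
    if tested is None:
        findings.append("no 'Tested up to' field")
    elif branch(tested) < branch(running_wp):
        findings.append(f"tested up to {tested}, site runs {running_wp}")
    age = (today - last_updated).days
    if age > max_age_days:
        findings.append(f"last updated {age} days ago")
    return findings
```
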
While not a security concern, any plugin being used today should be responsive (mobile friendly). Adding a non-responsive plugin to a responsive website can break the responsive functionality.