The whole legal basis on which we will be launching the plugin directory is not merely that ClassicPress won’t be legally liable, but that it will never take on any meaningful responsibility in the first place.
The plugin is the developer’s, the site is the user’s: we are simply providing a convenient location for the one to meet the other. Whatever the support forum looks like, it will be provided primarily because it’s helpful to other users (e.g. in resolving their own issues, and in enabling them to decide whether to use the plugin in the first place).
Where a developer and/or user feel the need to communicate privately about a plugin, we should make it clear that that should always take place away from any ClassicPress site. Such communication doesn’t meet either of the above objectives and, if we are seen to be endorsing the exchange of confidential information on our sites, then we will be expected to meet all sorts of tests about how we manage such communications to ensure they truly are secure.
Those who point out that this will be impossible to enforce 100% miss the point. No-one expects 100% enforcement. What will be expected are genuine and consistent attempts at enforcement. In other words, just as on the WP forums, mods should edit or delete posts that ask for or provide confidential information, and those involved should be warned not to do it on our virtual real estate.