According to this article, you shouldn’t install the new WordPress ToolsPack Plugin.
It just installs a small php code that will allow your site to be backdoored and used as a redirect to an attack site.
Best practices for a WordPress blog – do not install plugins that you do not need, period. Other than being a security risk, even if you have legitimate WP plugins, having several of them which only offers minimal functionality will add up to your blog’s load time thereby slowing it down.
Maybe the WordPress guys can use security certificates to prevent the proliferation of useless/trojaned plugins.