If you’ve ever wondered about plugins for AIR applications, I just published a article called Extending AIR Applications With Plugins which hopefully should answer most of your questions.
The trick to writing a plugin architecture for AIR applications isn’t really so much plugin management (installing, loading, deleting, etc.) as it is plugin security. Plugins that are privileged enough to be really powerful also have enough power to be potentially dangerous, so before an end user installs one, he or she needs to know not only who wrote it, but also that the plugin wasn’t somehow modified prior to installation. That’s where code signing and validation come in.
The sample plugin architecture I wrote addresses both plugin management and security. The article contains plenty of background on plugin security as well as sample code for an application called "Pluggable SearchCentral" which you can see in action below:
For more on how to write your own secure plugin architecture, see Extending AIR Applications With Plugins.