Features introduced in Leopard should make it possible to have plug-ins execute in their own process while rendering within a page. This would introduce a considerable benefit to stability, as plug-ins could no longer cause a crash in the host process. The basic idea would be to have a separate process for the plug-in rendering into its own off-screen window. The separate process itself could use WebKit so that the environment as seen by the plug-in is unaffected. In the host process, a stand-in for the plug-in would facilitate the exchange with the plug-in process. CGWindowListCreateImage() would be an avenue for grabbing the rendering of the plug-in and drawing it into the web view properly. IPC would be used to transfer host events (UI and programmatic) to the plug-in process, similarly for outbound programmatic events sent by the plug-in. The host plug-in would monitor the status of the plug-in process and disconnect rendering safely should the process die. The host could post a message to the user that a plug-in has crashed, giving them the option to re-initialize it or to stop it. When stopped, a default rendering will be drawn by the host (e.g. a broken plug-in icon of some sort).
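The monitoring half of the proposal above, as an added example that is not part of the original report and is not WebKit code: a host stand-in forwards events to a plug-in process over IPC, notices when that process dies, and survives to fall back to a placeholder. It assumes plain POSIX `fork()` and `socketpair()` in place of the Mac-specific rendering path, and the event codes and function names are hypothetical.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { EV_DRAW = 1, EV_CRASH = 2 };   /* constructed event codes */

/* Plug-in process: answer each host event with a one-byte "frame". */
static void plugin_main(int fd) {
    unsigned char ev, frame = 'F';
    while (read(fd, &ev, 1) == 1) {
        if (ev == EV_CRASH) abort();          /* simulate a plug-in bug */
        if (write(fd, &frame, 1) != 1) break;
    }
    _exit(0);
}

/* Host stand-in: forward events, count frames received, and return the
 * signal that killed the plug-in (0 = clean exit, -1 = setup error). */
int run_host(const unsigned char *events, size_t n, int *frames) {
    int sv[2], status = 0;
    *frames = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { close(sv[0]); plugin_main(sv[1]); }
    close(sv[1]);
    signal(SIGPIPE, SIG_IGN);   /* a dead peer must not kill the host */
    for (size_t i = 0; i < n; i++) {
        unsigned char frame;
        if (write(sv[0], &events[i], 1) != 1) break;
        if (read(sv[0], &frame, 1) != 1) break;   /* EOF: plug-in is gone */
        (*frames)++;
    }
    close(sv[0]);               /* lets a healthy plug-in see EOF and exit */
    if (waitpid(pid, &status, 0) != pid) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void) {
    const unsigned char events[] = { EV_DRAW, EV_DRAW, EV_CRASH, EV_DRAW };
    int frames, sig = run_host(events, sizeof events, &frames);
    printf("frames=%d signal=%d\n", frames, sig);
    if (sig > 0) puts("host: plug-in crashed, drawing placeholder");
    return 0;
}
```

The host learns of the crash twice over: the socket read hits end-of-file, and `waitpid()` reports the terminating signal, which is the point at which a real host would offer to re-initialize or stop the plug-in.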
If possible, this would be great. Based on stack traces, plug-ins seem to cause ~90% of the hangs I experience in Safari (Flash appearing to be the worst culprit), so preventing them from requiring a force quit of the browser would be a significant improvement to stability.
Given that Google worked out how to do this for Chrome, and they've open sourced the project, maybe the WebKit team would take what's in Chrome and apply it to WebKit if possible. I think this would make a huge difference to the WebKit user experience (I have to say I like their model of all tabs running in separate processes).
This should be closed now, as this has been done in Snow Leopard.