You know... I totally forgot about admin permissions o_O. The two combined are over 2000 lines of code and not one is to stop people from accessing them.....
I thought that the security would be fine. After all it's taking the URL to update from the plugin. So any security breaches would be the responsibilty of the plugin creator. But I realised that's not the case in all of the places. I'll make a admin setting to allow/disallow admins from using plugins... seems like that other should be there anyway???
I'll get to work on the admin permissions straight away. Shouldn't take me too long I hope

Thanks for the heads up.
EDIT: Just found the permissions in the admin/plugins.php page. They use the permissions for changing settings. Since all of my called functions are in plugins.php, they should be covered by that setting. I'll do some testing but that should stop people who can't alter/change settings and plugins.
EDIT2: Ok. Anyone who has access to plugins can use the readme and update functions. All of EI's and Advanced Plugins called functions are in plugins.php. The EI class is put into global.php so that's covered by the basic admin protection. Now unless another admin has managed to put a PHP file on the server that makes use of EI's class, it should be secure. But if they can put a PHP file on the server in the first place, they certainly don't need EI

.
I will reupload the files though to tell everyone that to use these plugins, you must have access to change settings.