Tough the topic is not the same, this has been disused to great length over here: Sending Mods To Client and here: How, security-wise, is having mods sent different than downloading mods?
Not that this is the same, but look there for other security ideas.