+1
Do NOT use the plugin installer on a live/production site. Having write permissions set for the program code directories (and/or ownership by the web sever user) is insecure. It potentials means that in the event of a vulnerability to the web server the Moodle code can be arbitrarily changed.
Use it if you like, but change the permissions do the update and then put the permissions back again.