There are tons of widgets – they can be system or disk monitors, satellite image screens, weather forecasts or even the games. Some of them notify you about a new email, some will allow you to create to-do lists and keep track of your tasks. All of these widgets are free to download and made by community – i.e. developers donating their time to their pet projects.
When I download some widget, I often think about its code and structure – specially, when it requires you to fill in a username and a password to some service you are using. I keep thinking if it’s really safe to give the required data to the widget I have never heard of before. What if the developer was not a volunteer donating their time, but rather a criminal trying to get a hold on unsuspecting users’ private data including their usernames and passwords?
I am sure somebody would find that over a period of time, but it can be too late – private data of tens (or hundreds) of users could have been already stolen and misused.
I predict we will hear about the case of spyware on KDE or Gnome soon.
PS: Of course, any of this can easily happen on MS Windows as well.