For other, less obnoxious users who find this post, *Customize your user permissions* on your Multisite install so that any user you wish to have unfettered access to inject malicious javascript into your site to steal your passwords and otherwise compromise your data. My plugin *doesn’t* let you do that customization, but if you did with another plugin, it’d work just fine.
My plugin obeys the same exact default rules that the WordPress Core Settings API does when posting to the admin’s options.php, which is that only users with ‘manage_options’ and ‘unfiltered_html’ can save such potentially dangerous code, which is 100% correct. (These user permission requirements for SnS have been in the readme.txt since the very first version I believe.)
This plugin, being focused on the entry and editing of this potentially dangerous code, *not enabling it* beyond what WordPress Core allows. (There are plenty of great plugins that let you change these permissions, and this plugin simply doesn’t need to duplicate that functionality.)
Back to this user, I don’t care about your inbox, silly. Please report your WordPress Core bug to WordPress Core: “Blog admins should be able to inject JS and steal other blog admins credentials by default.” I don’t think they’ll agree that this is a bug however.
