I looked at this plugin just a few weeks ago and I had two bigger issues with it.
First, your passwords were not encrypted in your Obsidian vault. Yes, WordPress has it on its roadmap to allow password scoping so that we could assign an application password to only do some things on a site, but this isn't currently available. Any other application that got your WordPress Application Password from Obsidian could in theory do anything that's available with the WordPress API.
Second, you couldn't create different accounts for different sites you may publish to.
I'm happy to say that both of those issues are now fixed. Your password is no longer in plaintext in the Obsidian vault, which means we are safer.
You can also now go to the settings for the Obsidian WordPress plugin and add more user profiles for sites you could publish to.
I love this plugin.
Get Obsidian WordPress.