saggi Who created or edited the page?
No. Don't bother with that. That is a recipe for things going wrong.
Simply, when ever the page is rendered and your plugin is called, check the current access permissions for the page and only render when the ACLs are set that only the configured users and groups may write, but nobody else.
Finding out who is or isn't allowed is a bit harder than it sounds. ACLs are usually meant to check if a specific user has access. But you want to check who has access. The aclinfo plugin might be a good starting point to figure out how to do that.
If you want to go an easier route first, you could only check that the general public can't write. That is a simple auth_aclcheck()
away. Not nearly as good as above, but at least some footshoot-protection.
(Note: this approach will show the results of HTML or PHP for everyone, keep caching working, but ensures only authorized users are able to create said HTML or PHP)