TBH. the contents of this discussion page are also dubious.
The mentioned CSP does not come from DokuWiki nor is it a "browser security setting". Someone (probably the user's hoster/admin) set a CSP that is too restrictive. Preventing inline scripts will break the JSINFO variable and that in turn will break all kinds of plugins and probably some core functionality as well.
So is the plugin itself broken? Maybe. Possibly. But not for the reason mentioned on that discussion page.
I deleted the discussion page.