I’ve replied to your question about issue #23 on that GitHub issue to keep discussion about that feature in one place.
Barring that, please do what you did with Kee 3.5 and release a new version of Kee any time a vulnerability is found in KeepassRPC that explicitly disallows connection to a vulnerable KeepassRPC plugin. That will at least force Kee users to upgrade their vulnerable KeepassRPC plugins immediately.
If there are ever any similarly critical vulnerabilities found in KeePassRPC then I would definitely take this same approach. For less critical ones I’ll make a risk assessment and decide accordingly.