idea 3 is to take a plugin and actually deconstruct it, demonstrate the tools all the way through to hunt for a sql injection to see if it can be hacked and model it.

This I can conceivably see a real devy WordPress group going for but its hard to keep it interesting while also making it realistic its also a lot of work if no one wants it.