Many AddOns may not break the TOS but they walk a gray area that marginalizes content. One good example is HealBot for WoW which uses legitimately exposed API information to mostly automate playing a healer in the game. You can set it up in a way that all a healer has to do is click on a player bar and the AddOns auto-chooses and auto-casts the most efficient spell to heal or cure the player. Technically no rules are being broken and it's just using the information being exposed by API and auto-executing commands that are again allowed by both the API and TOS. It's also been the AddOns of endless debate where many claim it's now required for high end raiding while at the same time making a whole set of healers that use it incapable of playing their class without it.

This is the sort of thing that is concerning if you start opening up your UI to user content. It may not be breaking any rules but many will argue that it is something that should be prevented. But how do you do that when the AddOns isn't technically breaking any rules?