If you come across a plugin on the OSS update center that is in fact closed source, please alert the community so that either the plugin can be removed or the plugin author can be nagged to open source it.
And FTR CloudBees while has (quite a lot of) closed source plugins, but we only host closed source ones on our own update center, in accordance with the wishes of the Jenkins community.
Any plugin that CloudBees publishes on the community's update center is open source... (part of our internal sign-off process before releasing a plugin to the OSS update center is to ensure that all source code is open source. For example the now defunct cloudbees-deployer-plugin which was to deploy applications to our old RUN@cloud product. That plugin started off as open source, then some changes required that it depend on a library we had that was closed source, so we had to fork it in-house for 2 years or so, then finally we got the full chain of dependencies open source again and re-open sourced the plugin... of course 6 months after that the business decided to shut down RUN@cloud... so we subsequently refactored the plugin to spin out the (to our thinking - quite useful) deployment framework as separate from the RUN@cloud specific deployment engine)