This should be the case, meaning that the page running in the hidden iframe will have the same security settings as the user's browser. For example, if the user's browser is set to never load a plugin, the plugin won't be loaded in the hidden page. I suspect if the plugin's setting is set to 'Ask to activate' I suspect because the hidden page has no way of interacting with the user, the plugin load will also fail.
If you need to interact with / depend on a plugin, you should test these different cases.
Jeff