Hugely. If someone does manage to break in, then you've handed them a nice mechanism for downloading and installing stuff too. Better to work out a maintenance agreement with your users, if there aren't too many, or set things up so they can specifically download and reinstall on their own hook (WordPress-style).
That's what I was thinking. In the interest of security, I've decided to instead simply have them download .zip files and allow them to upload it into their own installation.