I get why they do it; for better or worse, the browser is a major way many people interact with email, banking, etc. etc. A malicious extension would be a world of hurt. Some of that is moving to mobile, but with 5 billion people on the internet, Firefox's "low" market share at 4 or 5% is still over 200 million people, so it's still used by dozens or perhaps even hundreds of millions of people for these high-security tasks.
When I did IT support I've seen so many people do completely crazy things. I've seen people with 6 or 7 different browser toolbars and they use none of them. People with 3 different virus scanners they never remember installing, and of course ransomware they never recall installing either. etc. etc.
And honestly, can you really say you'd never click on the wrong "allow this untrusted extension" button when distracted, engaged in something else, tired, or whatnot?
I agree it can be annoying, but it's not impossible to maintain your private (signed) extensions. And for >99% of people, it's probably a sensible thing to do – this includes most tech people because most tech don't have a bunch of private extensions.
For everyone else, you can sign your own private extensions (some effort, but fairly minor) or use the Developer Edition, which allows installing unsigned extensions.
When I did IT support I've seen so many people do completely crazy things. I've seen people with 6 or 7 different browser toolbars and they use none of them. People with 3 different virus scanners they never remember installing, and of course ransomware they never recall installing either. etc. etc.
And honestly, can you really say you'd never click on the wrong "allow this untrusted extension" button when distracted, engaged in something else, tired, or whatnot?
I agree it can be annoying, but it's not impossible to maintain your private (signed) extensions. And for >99% of people, it's probably a sensible thing to do – this includes most tech people because most tech don't have a bunch of private extensions.
For everyone else, you can sign your own private extensions (some effort, but fairly minor) or use the Developer Edition, which allows installing unsigned extensions.