My worry is not the author or the extension; it's someone being able to push a new release of the extension (e.g. signing keys compromised, some vulnerability somewhere, etc), and it being automatically approved by Firefox without manual review.