Please read: Security Issue on AMO « Mozilla Add-ons Blog - it was only a matter of time before the first Firefox extensions with trojans were distributed and slipped through Mozilla's review. Extensions are exactly that - code snippets that run in the same security context as Firefox itself. I believe that in the long run, we need a completely different architecture with much stronger sandboxing for applications and extensions if we want to get this under control.