[JoshTriplett]

As mentioned in my previous comment:

> It doesn't prevent those kinds of behaviors, but it makes denials less credible.

Once you start doing more malicious modifications of the browser, it should be more obvious (to both you and anyone observing or doing forensics on your behavior) that you're doing something malicious.

[tptacek]

Companies running their own MITM policies for their own devices aren't doing something malicious. This is one of the older Internet trust ideological battles, and those claiming that browsers should add features to make it harder for companies to manage their own equipment have lost it, pretty conclusively. See also: pinning overrides.