[thinkcontext]

Most extensions of any usefulness require these 2 permissions. How else would something like adblocking or a login manager work?

[detaro]

An adblocker is a good counter-example: it could work with an API that tracked the page changes and stopped e.g. JS or images inserted by the extension from loading. Even when editing the DOM, it has no need to load anything externally. Sounds possible, but I'm not sure how big the overhead of extending the DOM like that would be.

You probably could still create interactions with on-site JS that leak data sometimes, so it wouldn't be perfect, but that's page-specific and a lot more work.

[thinkcontext]

That would break a sizable amount of the web, eg, Youtube embeds.

[detaro]

How would an optional feature, for extensions only break the web? I'm not talking about changing the security policies in general.