the plugins are just javascript, so verifying that is actually a trivial task. You just open the plugin and read the source. NYU could also provide the code, to make it even easier.
You cannot verify that Facebook will not change its product to malware in the future. That it to say, at some point, you trust the software publisher in the same way you trust the service operator.
It's fine for you to trust the software publisher, that doesn't mean facebook should, especially when they're legally liable for data breaches that could result from it
Wait a second. How does Facebook trust Firefox? Microsoft Edge? Safari? The other 20 extensions I have installed, three of which save a copy of every single page I visit?
They don’t. They don’t, at the least, care about anyone’s data - they just phrase it that way to sound legitimate because saying “we want no oversight whatsoever” sounds whiny, and it is. (And so does what they ARE claiming to anyone who understands the technical side).
If facebook is concerned about data breaches from a browser plug-in why don't they just stop server the data to the browser? If the data is that valuable and easy to get it wouldn't be hard for someone to write malware that collects the data and phones home once in a while.