[palant]

You could also read the article before commenting. It’s one thing when an extension could do something but its code can be inspected to verify that it doesn’t. It’s an entirely different thing if it delegates its privileges to a web service that could do anything and that nobody can inspect.

Note: I’m the author of this article.

[KoftaBob]

I stand corrected, I must not have read the article carefully enough my apologies!

[bagacrap]

This distinction seems somewhat meaningless in practice. Are you going to audit every line of every extension you install, assuming it's all local code? And are you going to do this again every time it's (automatically) updated?

[alisonkisk]

Yes. This is exactly what happened with Great Suspender, which led to Google being succesfully pressured to ban it.