White-listing what addresses a web browser can reach seems to go against the intended use - you know, to browse the web.
Edit: Also, I don't think this is as much about trust as it is about avoiding being part of the huge target that the centrally hosted Firefox Sync servers must be.
While Firefox developers and Mozilla might be wholly trustworthy, they might become compromised by some configuration error or zero day vulnerability.
So someone might steal the sweet sweet treasure that is in the Sync servers.
Now, that is encrypted of course, but they might have made a simple error[1] in how encryption is implemented and the encryption may be defeated.
> White-listing what addresses a web browser can reach seems to go against the intended use - you know, to browse the web.
Agreed, but that was an extreme example. Blocking FFs known addresses should be sufficient with some additional network monitoring just in case.
I can't response to the rest of your comment, as my point was specifically about not needing to trust FF/MZ if you're running your own sync server. Once the software is within your network, it is entirely up to you, your tools and your skills to determine what does and does not leave it and to where.
If you have something you are that concerned about then you should whitelist everything. Note that the whitelist needs to be one both sides, the server and the users. This along with lots of other security protections, some of which are a lot stronger than a whitelist.
Instead of directly exposing the server to the internet, you could keep it behind a VPN. That way you only need to keep the VPN secure, the VPN serves as a whitelist.
Anyone _that_ concerned can operate a whitelist-only policy on their network, now nothing goes anywhere they don't want it to.