hmm even though the code is open source, how do you know that the published extension is bundled using the same code as what is open sourced? I guess I'm trying to say you'll have to be okay with some level of trust here unless you clone the open source project use it to load an unpublished extension for yourself
That's understandable, I feel same when I install extensions.
In both browsers, you can install the extension from local disk instead of the browser stores. The release artifact is a ZIP file with plain JS inside, no bundling, minification, preprocessing, you can check it out.
Both Chrome and Mozilla did some inspection during several business days, but I can't say exactly what they checked and how diligently.