These are a bunch of straw man arguments against what I said. There is a difference between clicking a link and an extension being able to read the contents of pages you visit -- like your bank records or credentials.
Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.
if (casual) users is what Google was concerned about that'd be easy to solve. They could ship a full ad-blocker with Chrome that renders third party extensions obsolete and there'd likely be no v3 debate, because those are the extensions primarily impacted by the design choices made.
The entire debate we're having rests on the fact that they're not integrating this functionality (despite this being technically trivial) because it's in conflict with their entire business model. Which is the only reason people have to reach for third party extensions in the first place.
Some of these "choices" aren't actually _made_ by anyone. Even with trust of an author, if remote code is being used and a domain or server is hijacked, then the remote code could be replaced. It's a lose-lose problem for Google and not addressing this problem means worse security for casual users. The boogeyman that they will remove useful extensions is antithetical to their behavior so far.